Feature #347 - The old online conferention tool, Permissions, Reservations, Searching, Social network, and Surveys: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls.

skala
Ivan Tcholakov 15 years ago
parent 446492fc35
commit 6472e4e9e9
  1. 2
      main/online/online_chat.php
  2. 6
      main/online/online_hidden1.php
  3. 2
      main/online/online_hidden2.php
  4. 2
      main/online/online_htmlarea.php
  5. 10
      main/online/online_links.php
  6. 4
      main/online/online_master.php
  7. 2
      main/online/online_message.php
  8. 2
      main/online/online_streaming.php
  9. 4
      main/online/online_whoisonline.php
  10. 2
      main/online/online_working_area.php
  11. 2
      main/permissions/blog_permissions.inc.php
  12. 24
      main/permissions/permissions_functions.inc.php
  13. 8
      main/permissions/roles.php
  14. 192
      main/reservation/rsys.php
  15. 2
      main/reservation/subscribe.php
  16. 114
      main/resourcelinker/resourcelinker.inc.php
  17. 36
      main/resourcelinker/resourcelinker.php
  18. 4
      main/search/search_suggestions.php
  19. 28
      main/social/group_edit.php
  20. 94
      main/social/group_invitation.php
  21. 110
      main/social/home.php
  22. 202
      main/social/profile.php
  23. 36
      main/survey/fillsurvey.php
  24. 14
      main/survey/preview.php
  25. 2
      main/survey/question.php
  26. 6
      main/survey/survey.download.inc.php
  27. 192
      main/survey/survey.lib.php
  28. 8
      main/survey/survey.php
  29. 2
      main/survey/survey_invitation.php
  30. 2
      main/survey/survey_invite.php

@ -41,7 +41,7 @@ $reset=$_GET['reset']?true:false;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
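Review bot: `$_user['user_id']` is concatenated into the SELECT just above the changed call without a cast or escape, so the query's safety rests entirely on how `$_user` was populated, which this page does not show. If `user_id` is an integer key, as the column name suggests, a cheap hardening is `$query="SELECT username FROM $tbl_user WHERE user_id=".intval($_user['user_id']);`. The same concatenation recurs in every main/online/ section of this commit, and with `$_cid` in online_master.php and `$_SESSION['_cid']` in blog_permissions.inc.php, where `Database::escape_string()` would be the matching fix. The script continues outside the hunk.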

@ -42,7 +42,7 @@ $tbl_user=Database::get_main_table(TABLE_MAIN_USER);
$tbl_online_connected=Database::get_course_table(TABLE_ONLINE_CONNECTED);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
@ -63,10 +63,10 @@ $chat_size_old=intval($_POST['chat_size_old']);
$chat_size_new=filesize($onlinePath.'messages-'.$dateNow.'.log');
$query="REPLACE INTO $tbl_online_connected (user_id,last_connection) VALUES('".$_user['user_id']."',NOW())";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
$query="SELECT COUNT(user_id) FROM $tbl_online_connected WHERE last_connection>'".date('Y-m-d H:i:s',time()-60*5)."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
$connected_old=intval($_POST['connected_old']);
list($connected_new)=Database::fetch_row($result);
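Review bot: The connected-users count compares `last_connection`, written with MySQL's `NOW()` two statements earlier, against a cutoff computed in PHP with `date('Y-m-d H:i:s',time()-60*5)`, so the five-minute window is only right when PHP and the database server agree on clock and timezone. Computing the cutoff in SQL keeps both sides on one clock: `WHERE last_connection > NOW() - INTERVAL 5 MINUTE`. The same PHP-side cutoff appears in the user-list query in online_whoisonline.php.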

@ -41,7 +41,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);

@ -41,7 +41,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);

@ -47,7 +47,7 @@ $tbl_user=Database::get_main_table(TABLE_MAIN_USER);
$tbl_online_link=Database::get_course_table(TABLE_ONLINE_LINK);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
@ -118,12 +118,12 @@ if($_POST['sent'])
SET name='".addslashes($link_name)."',
url='".addslashes($link_url)."'
WHERE id='$link'";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
}
else
{
$query="INSERT INTO $tbl_online_link (name,url) VALUES('".addslashes($link_name)."','".addslashes($link_url)."')";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
}
}
@ -137,7 +137,7 @@ if($action == 'delete')
$link=intval($_GET['link']);
$query="DELETE FROM $tbl_online_link WHERE id='$link'";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
Database::close();
header('Location: '.api_get_self());
@ -145,7 +145,7 @@ if($action == 'delete')
}
$query="SELECT id,name,url FROM $tbl_online_link ORDER BY name";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
$Links=array();
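Review bot: The UPDATE and INSERT on `$tbl_online_link` escape `$link_name` and `$link_url` with `addslashes()`, which does not know the connection character set and is not a dependable SQL escape; other files in this commit use `Database::escape_string()` for the same job. I would write `VALUES('".Database::escape_string($link_name)."','".Database::escape_string($link_url)."')` and the equivalent in the `SET` clause. Where the two values come from is outside the hunk; if they arrive from the `$_POST` form the surrounding `if($_POST['sent'])` suggests, the URL should also be limited to the expected schemes before it is stored and later rendered as a link.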

@ -45,7 +45,7 @@ $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_online_link=Database::get_course_table(TABLE_ONLINE_LINK);
$query="SELECT t1.user_id,username,picture_uri,t2.status FROM $tbl_user t1,$tbl_course_user t2 WHERE t1.user_id=t2.user_id AND course_code='$_cid' AND (t1.user_id='".$_user['user_id']."' OR t2.status='1')";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
while($row=Database::fetch_array($result))
{
@ -114,7 +114,7 @@ if(!$isMaster)
}
$query="SELECT id,name,url FROM $tbl_online_link ORDER BY name";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
$Links=Database::store_result($result);
}

@ -50,7 +50,7 @@ $question = $_REQUEST['question'];
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);

@ -41,7 +41,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);

@ -45,7 +45,7 @@ $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_online_connected = Database::get_course_table(TABLE_ONLINE_CONNECTED);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
@ -60,7 +60,7 @@ if(!$isAllowed)
$pictureURL=api_get_path(WEB_CODE_PATH).'upload/users/';
$query="SELECT t1.user_id,t1.username,t1.firstname,t1.lastname,t1.picture_uri,t3.status FROM $tbl_user t1,$tbl_online_connected t2,$tbl_course_user t3 WHERE t1.user_id=t2.user_id AND t3.user_id=t1.user_id AND t3.course_code = '".$_course[sysCode]."' AND t2.last_connection>'".date('Y-m-d H:i:s',time()-60*5)."' ORDER BY t1.username";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
$Users=Database::store_result($result);
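Review bot: In the user-list query the array key in `$_course[sysCode]` is a bare word outside the string literal, so PHP reads it as a constant; that raises a notice or warning on older versions and an "Undefined constant" Error on PHP 8. The value is also concatenated unescaped. I would write `t3.course_code = '".Database::escape_string($_course['sysCode'])."'`. Where `$_course` is populated is not visible in this hunk.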

@ -40,7 +40,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);

@ -19,7 +19,7 @@ $blog_users = Blog::get_blog_users(Database::escape_string($_GET['blog_id']));
// and we want to keep it that way.
$tbl_course_rel_user = $table=Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "SELECT user_id FROM $tbl_course_rel_user WHERE status = '1' AND course_code = '".$_SESSION['_cid']."'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
while ($user = Database::fetch_assoc($result)) {
unset($blog_users[$user['user_id']]);
}

@ -42,7 +42,7 @@ function store_permissions($content, $id)
// We first delete all the existing permissions for that user/group/role
$sql="DELETE FROM $table WHERE $id_field = '".Database::escape_string($id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
// looping through the post values to find the permission (containing the string permission* )
foreach ($_POST as $key => $value)
@ -51,7 +51,7 @@ function store_permissions($content, $id)
{
list($brol,$tool,$action)=explode("*",$key);
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
}
@ -101,7 +101,7 @@ function store_one_permission($content, $action, $id, $tool,$permission)
if($action=='grant')
{
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if($result)
{
$result_message=get_lang('PermissionGranted');
@ -110,7 +110,7 @@ function store_one_permission($content, $action, $id, $tool,$permission)
if($action=='revoke')
{
$sql="DELETE FROM $table WHERE $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if($result)
{
$result_message=get_lang('PermissionRevoked');
@ -162,7 +162,7 @@ function get_permissions($content, $id)
$sql="
SELECT * FROM " . $table . "
WHERE " . $id_field . "='" . Database::escape_string($id) . "'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while($row = Database::fetch_array($result))
$currentpermissions[$row['tool']][] = $row['action'];
@ -419,7 +419,7 @@ function display_role_list($current_course_roles, $current_platform_roles)
/*
// platform roles
$sql="SELECT * FROM $platform_roles_table";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
if(in_array($row['role_id'], $current_platform_roles))
@ -448,7 +448,7 @@ function display_role_list($current_course_roles, $current_platform_roles)
*/
// course roles
$sql="SELECT * FROM $coures_roles_table";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
if(in_array($row['role_id'], $current_course_roles))
@ -504,7 +504,7 @@ function get_roles($content,$id, $scope='course')
$current_roles=array();
//$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";
$sql="SELECT role_id FROM $table WHERE $id_field = '$id' AND scope='".$scope."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
$current_roles[]=$row['role_id'];
@ -532,7 +532,7 @@ function get_all_roles($content='course')
$current_roles=array();
$sql="SELECT * FROM $table_role";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
$roles[]=$row;
@ -594,7 +594,7 @@ function get_roles_permissions($content,$id, $scope='course')
role_group_user.role_id = role.role_id AND
role.role_id = role_permissions.role_id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while($row=Database::fetch_array($result))
$current_role_permissions[$row['tool']][]=$row['action'];
@ -633,7 +633,7 @@ function assign_role($content, $action, $id, $role_id, $scope='course')
if($action=='grant')
{
$sql="INSERT INTO $table (role_id, scope, $id_field) VALUES ('".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if($result)
{
$result_message=get_lang('RoleGranted');
@ -642,7 +642,7 @@ function assign_role($content, $action, $id, $role_id, $scope='course')
if($action=='revoke')
{
$sql="DELETE FROM $table WHERE $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if($result)
{
$result_message=get_lang('RoleRevoked');
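Review bot: In `get_roles()` the query `WHERE $id_field = '$id' AND scope='".$scope."'` interpolates `$id` and `$scope` raw, while `store_permissions()`, `get_permissions()` and `assign_role()` in this same file pass their values through `Database::escape_string()`. For consistency, and so the function does not depend on every caller sanitising first, I would use `$sql="SELECT role_id FROM $table WHERE $id_field = '".Database::escape_string($id)."' AND scope='".Database::escape_string($scope)."'";`. The commented-out query on the line above repeats the raw interpolation twice on one line and could simply be deleted. The function bodies extend beyond the hunks, so any validation done earlier in `get_roles()` is not visible here.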

@ -42,22 +42,22 @@ if (isset($_GET['action']) AND isset($_GET['role_id']) AND $_GET['action']=='del
//deleting the assignments fo this role: users
$table=Database::get_course_table(TABLE_ROLE_USER);
$sql="DELETE FROM $table WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
// deleting the assignments of this role: groups
$table=Database::get_course_table(TABLE_ROLE_GROUP);
$sql="DELETE FROM $table WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
// deleting the permissions of this role
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
$sql="DELETE FROM $table WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
// deleting the role
$table_role=Database::get_course_table(TABLE_ROLE);
$sql="DELETE FROM $table_role WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$result_message=get_lang('RoleDeleted');
}
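Review bot: `$result` is overwritten by each of the four DELETEs and never checked, yet `$result_message=get_lang('RoleDeleted')` is set unconditionally, so a failure part-way through leaves assignments or permissions half-removed while the page reports success. I would stop on the first failure, e.g. `if (!$result) { /* report the error and skip the remaining deletes */ }`, or run the four statements in one transaction if the tables support it. The deletion is also driven by `$_GET['action']` and `$_GET['role_id']`; no permission or anti-CSRF token check is visible in the hunk, though one may exist above it, and a destructive action is better placed behind a POST that carries a token.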

@ -59,7 +59,7 @@ class Rsys {
function get_num_subscriptions_reservationperiods($res_id) {
$sql = "SELECT COUNT(*) FROM ".Rsys :: getTable("subscription")." s
WHERE s.reservation_id = '".Database::escape_string($res_id)."'";
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql), 0, 0);
}
/**
@ -166,7 +166,7 @@ class Rsys {
function add_category($naam) {
if (Rsys :: check_category($naam)) {
$sql = "INSERT INTO ".Rsys :: getTable("category")." (name) VALUES ('".Database::escape_string($naam)."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return Database::insert_id();
}
return false;
@ -180,7 +180,7 @@ class Rsys {
*/
function check_category($name, $id=0) {
$sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower(Database::escape_string($name))."' AND id<>".Database::escape_string($id)."";
$Result = Database::query($sql, __FILE__, __LINE__);
$Result = Database::query($sql);
return (Database::num_rows($Result) == 0);
}
@ -193,7 +193,7 @@ class Rsys {
function edit_category($id, $name) {
if (Rsys :: check_category($name, $id)) {
$sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id =".Database::escape_string($id)."";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return $id;
}
return false;
@ -206,10 +206,10 @@ class Rsys {
*/
function delete_category($id) {
$sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id=".Database::escape_string($id)."";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) == 0) {
$sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id =".Database::escape_string($id)."";
Database::query($sql2, __FILE__, __LINE__);
Database::query($sql2);
return 0;
} else {
return Database::num_rows($result);
@ -230,7 +230,7 @@ class Rsys {
$sql .= " WHERE id = ".Database::escape_string($id)."";
else
$sql .= " ORDER BY ".$orderby;
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
if (!empty ($id))
return $arr[0];
else
@ -252,7 +252,7 @@ class Rsys {
WHERE (cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)."
GROUP BY c.id ORDER BY ".$orderby;
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
@ -271,7 +271,7 @@ class Rsys {
WHERE (cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)."
GROUP BY c.id ORDER BY ".$orderby;
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
@ -297,7 +297,7 @@ class Rsys {
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM'))
$arr[] = $array;
return $arr;
@ -314,7 +314,7 @@ class Rsys {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " WHERE name LIKE '%".$keyword."%' OR id LIKE '%".$keyword."%'";
}
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql), 0, 0);
}
/*
@ -337,7 +337,7 @@ class Rsys {
WHERE LCASE(name)='".strtolower(Database::escape_string($item))."'
AND category_id=".Database::escape_string($category)."
AND id<>".Database::escape_string($id)."";
$Result = Database::query($sql, __FILE__, __LINE__);
$Result = Database::query($sql);
return (Database::num_rows($Result) == 0);
}
@ -353,7 +353,7 @@ class Rsys {
function add_item($name, $description, $category, $course = "") {
if (Rsys :: check_item($name, $category)) {
$sql = "INSERT INTO ".Rsys :: getTable("item")." (category_id,course_code,name,description,creator) VALUES ('".Database::escape_string($category)."','".Database::escape_string($course)."','".Database::escape_string($name)."','".Database::escape_string($description)."','".api_get_user_id()."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return Database::insert_id();
}
return false;
@ -375,7 +375,7 @@ class Rsys {
return false;
$sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".Database::escape_string($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."' " .
"WHERE id =".Database::escape_string($id)."";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return $id;
}
@ -388,18 +388,18 @@ class Rsys {
if (!Rsys :: item_allow($id, 'delete'))
return false;
$sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id=".Database::escape_string($id)."";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result)) {
if (Rsys :: mysql_datetime_to_timestamp(date('Y-m-d H:i:s')) <= Rsys :: mysql_datetime_to_timestamp($array[1]))
$checked = true;
}
if (!$checked) {
$sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id =".Database::escape_string($id)."";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id =".Database::escape_string($id)."";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id =".Database::escape_string($id)."";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return '0';
} else {
return Database::num_rows($result);
@ -431,7 +431,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE i.id='".Database::escape_string($item_id)."' AND (". (!empty ($x) ? "(cu.user_id='".api_get_user_id()."' AND ".$x.") OR " : '')." i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).")";
return Database::num_rows(Database::query($sql, __FILE__, __LINE__)) > 0;
return Database::num_rows(Database::query($sql)) > 0;
}
/**
@ -450,7 +450,7 @@ class Rsys {
$sql .= " WHERE i.id = '".$id."'";
} else
$sql .= " LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id WHERE (cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." ORDER BY ".$orderby;
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
if (!empty ($id))
return $arr[0]; // Return one row only
else
@ -466,7 +466,7 @@ class Rsys {
function is_blackout($itemid) {
$sql = "SELECT id FROM ".Rsys :: getTable("item");
$sql .= " WHERE id = ".Database::escape_string($itemid)." AND blackout=1";
return Database::num_rows(Database::query($sql, __FILE__, __LINE__)) == 1;
return Database::num_rows(Database::query($sql)) == 1;
}
/**
@ -478,7 +478,7 @@ class Rsys {
*/
function get_category_items($id, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
@ -491,7 +491,7 @@ class Rsys {
*/
function get_course_items($id, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
@ -524,7 +524,7 @@ class Rsys {
}
$sql .= " GROUP BY i.id ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
if (!$array[4])
@ -547,7 +547,7 @@ class Rsys {
WHERE ( 1=". (api_is_platform_admin() ? 1 : 0)."
OR ((cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' ))";
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql), 0, 0);
}
/**
@ -562,13 +562,13 @@ class Rsys {
function get_table_itemrights($from, $per_page, $column, $direction) {
$itemid = Database::escape_string($_GET['item_id']);
$sql = "SELECT id, name FROM ".Database :: get_main_table(TABLE_MAIN_CLASS);
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
$sql = "SELECT item_id, class_id,edit_right,delete_right,m_reservation,view_right
FROM ".Rsys :: getTable("item_rights")." WHERE item_id=".$itemid;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr1[] = $array;
}
@ -624,14 +624,14 @@ class Rsys {
$column = Database::escape_string($column);
$sql = "SELECT item_id FROM ".Rsys :: getTable("item_rights")."WHERE item_id=".$item_id." AND class_id=".$class_id;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$switcher = Database::num_rows($result);
if ($switcher > 0) {
$sql = $sql = "UPDATE ".Rsys :: getTable("item_rights")." SET ".$column."='".$value."' WHERE class_id = '".$class_id."' AND item_id ='".$item_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
} else {
$sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,".$column.") VALUES ('".$item_id."','".$class_id."','".$value."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
}
@ -642,7 +642,7 @@ class Rsys {
*/
function get_num_itemrights() {
$sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS);
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql), 0, 0);
}
/**
@ -655,7 +655,7 @@ class Rsys {
$item_id = Database::escape_string($item_id);
$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)."
WHERE id NOT IN (SELECT class_id FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC";
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
@ -668,7 +668,7 @@ class Rsys {
function get_num_itemfiltered_class($item_id) {
$item_id = Database::escape_string($item_id);
$sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id NOT IN (SELECT class_id FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC";
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql), 0, 0);
}
/**
@ -684,7 +684,7 @@ class Rsys {
if (!Rsys :: item_allow($item_id, 'm_rights'))
return false;
$sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,edit_right,delete_right,m_reservation) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($class_id)."','".Database::escape_string($edit)."','".Database::escape_string($delete)."','".Database::escape_string($m_reservation)."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
/**
@ -704,7 +704,7 @@ class Rsys {
if (!Rsys :: item_allow($item_id, 'm_rights'))
return false;
$sql = "UPDATE ".Rsys :: getTable("item_rights")." SET edit_right='".Database::escape_string($edit)."', delete_right='".Database::escape_string($delete)."', m_reservation='".Database::escape_string($m_reservation)."' WHERE class_id = '".$class_id."' AND item_id ='".$item_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
/**
@ -719,13 +719,13 @@ class Rsys {
if (!Rsys :: item_allow($item_id, 'm_rights'))
return false;
$sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
function get_class_group($class_id) {
$class_id = Database::escape_string($class_id);
$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id='".$class_id."'";
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
@ -734,17 +734,17 @@ class Rsys {
$class_id = Database::escape_string($class_id);
$sql = "SELECT * FROM ".Rsys :: getTable('item_rights')." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql));
return $arr;
}
function black_out_changer($item_id) {
$item_id = Database::escape_string($item_id);
$sql = "SELECT blackout FROM ".Rsys :: getTable("item")." WHERE id='".$item_id."'";
$Value = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$Value = Database::store_result(Database::query($sql));
($Value[0][0] == 0 ? $changedValue = 1 : $changedValue = 0);
$sql = "UPDATE ".Rsys :: getTable("item")." SET blackout='".$changedValue."' WHERE id = '".$item_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Rsys :: black_out_notifier($item_id, $Value[0][0]);
return $changedValue;
}
@ -756,17 +756,17 @@ class Rsys {
$sql = "SELECT id, timepicker FROM ".Rsys :: getTable('reservation')."
WHERE item_id='".$item_id."' AND subscribers > '0'";
$value == 1 ? $sql .= " AND end_at >= (NOW()-7000000) " : $sql .= " AND end_at >= NOW()";
$reservations = Database::query($sql, __FILE__, __LINE__);
$reservations = Database::query($sql);
while ($reservation = Database::fetch_array($reservations)) {
$sql = "SELECT user_id FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation[0]."'";
if ($reservation[1] == 1) {
$sql .= " AND end_at >= NOW() ";
}
$subscriptions = Database::query($sql, __FILE__, __LINE__);
$subscriptions = Database::query($sql);
while ($subscription = Database::fetch_array($subscriptions)) {
$user_info = api_get_user_info($subscription[0]);
$sql2 = "SELECT name FROM ".Rsys :: getTable('item')." WHERE id='".$item_id."'";
$items = Database::query($sql2, __FILE__, __LINE__);
$items = Database::query($sql2);
$item = Database::fetch_array($items);
$item_name=$item['name'];
if ($reservation[1] == 0)
@ -779,7 +779,7 @@ class Rsys {
//er wordt gebruik gemaakt van een timepicker dus begin en einddatum kan opgehaald worden uit subscriptions
$sql2 = "SELECT start_at,end_at FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation[0]."'";
}
$items = Database::query($sql2, __FILE__, __LINE__);
$items = Database::query($sql2);
$item = Database::fetch_array($items);
$begindatum = $item['start_at'];
$einddatum = $item['end_at'];
@ -826,7 +826,7 @@ class Rsys {
$sql = "SELECT * FROM ".Rsys :: getTable('reservation')." WHERE item_id='".$item_id."' ORDER BY start_at";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result)) {
$GLOBALS['start_date'] = $array[5];
@ -843,7 +843,7 @@ class Rsys {
start_at < '".$end_at."') OR
(end_at > '".$start_at."' AND
end_at < '".$end_at."') OR (start_at <= '".$start_at."' AND end_at >= '".$end_at."')) AND item_id='".$item_id."'";
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql));
if (count($result) != 0){
$GLOBALS['start_date'] = $result[1];
$GLOBALS['end_date'] = $result[2];
@ -862,7 +862,7 @@ class Rsys {
$sql = "SELECT * FROM ".Rsys :: getTable('reservation')." WHERE item_id='".$item_id."' AND id <> '".$reservation_id."' ORDER BY start_at";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result)) {
$GLOBALS['start_date'] = $array[5];
@ -881,7 +881,7 @@ class Rsys {
end_at < '".$end_at."') OR
(start_at <= '".$start_at."' AND
end_at >= '".$end_at."')) AND item_id='".$item_id."' AND id <> '".$reservation_id."'";
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql));
if (count($result) != 0){
$GLOBALS['start_date'] = $result[1];
@ -899,7 +899,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE (cu.user_id='".api_get_user_id()."' AND ir.m_reservation=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." ORDER BY cat.name ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result))
$arr[$array['catid']] = $array['catname'];
return $arr;
@ -918,7 +918,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."' AND ir.m_reservation=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).") AND (category_id =".$category.")
ORDER BY cat.name ASC, i.name ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result))
$arr[$array['id']] = $array['catitem'];
return $arr;
@ -937,7 +937,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."' AND ir.view_right=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).") AND (category_id =".$category.")
ORDER BY cat.name ASC, i.name ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result))
$arr[$array['id']] = $array['catitem'];
return $arr;
@ -974,7 +974,7 @@ class Rsys {
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -990,7 +990,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."'AND ir.edit_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND r.id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -1006,7 +1006,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."'AND ir.delete_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND r.id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -1016,7 +1016,7 @@ class Rsys {
function check_auto_accept($id) {
$id = Database::escape_string($id);
$sql = "SELECT auto_accept FROM ".Rsys :: getTable('reservation')." WHERE id='".$id."'";
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql), 0, 0);
}
/**
@ -1036,7 +1036,7 @@ class Rsys {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i.name LIKE '%".$keyword."%' OR i.description LIKE '%".$keyword."%' OR r.notes LIKE '%".$keyword."%')";
}
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql), 0, 0);
}
/**
@ -1096,7 +1096,7 @@ class Rsys {
}
$sql = "INSERT INTO ".Rsys :: getTable("reservation")." (item_id,auto_accept,max_users,start_at,end_at,subscribe_from,subscribe_until,notes,timepicker,timepicker_min,timepicker_max,subid) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($auto_accept)."','". (intval($max_users) > 1 ? $max_users : 1)."','".Database::escape_string($start_at)."','".Database::escape_string($end_at)."','".Database::escape_string($subscribe_from)."','".Database::escape_string($subscribe_until)."','".Database::escape_string($notes)."','".$timepicker."','".$min."','".$max."','". ($subid == 0 ? 0 : $subid)."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return 0;
}
@ -1126,7 +1126,7 @@ class Rsys {
return 2;
}
$sql = "SELECT timepicker, subscribers FROM ".Rsys :: getTable("reservation")." WHERE id='".$id."'";
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql));
if ($result[0] == 0 && $result[1] > $max_users) {
return 3;
}
@ -1136,7 +1136,7 @@ class Rsys {
}
if ($auto_accept == 1) {
$sql = "SELECT dummy FROM ".Rsys :: getTable("subscription")." WHERE reservation_id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
Rsys :: set_accepted($array[0], 1);
}
@ -1144,7 +1144,7 @@ class Rsys {
$auto_accept = 0;
}
$sql = "UPDATE ".Rsys :: getTable("reservation")." SET item_id='".Database::escape_string($item_id)."',auto_accept='".Database::escape_string($auto_accept)."',max_users='". ($max_users > 1 ? $max_users : 1)."',start_at='".Database::escape_string($start_at)."',end_at='".Database::escape_string($end_at)."',subscribe_from='".Database::escape_string($subscribe_from)."',subscribe_until='".Database::escape_string($subscribe_until)."',notes='".Database::escape_string($notes)."' WHERE id='".$id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return 0;
}
@ -1155,22 +1155,22 @@ class Rsys {
$id = Database::escape_string($id);
$sql = "SELECT id FROM ".Rsys :: getTable("reservation")."WHERE id='".$id."' OR subid='".$id."'";
$result2 = Database::query($sql, __FILE__, __LINE__);
$result2 = Database::query($sql);
while ($arr = Database::fetch_array($result2, 'NUM')) {
$sql = "SELECT s.dummy, s.user_id, i.name, r.start_at, r.end_at
FROM ".Rsys :: getTable("subscription")." s
INNER JOIN ".Rsys :: getTable("reservation")." r ON s.reservation_id = r.id
INNER JOIN ".Rsys :: getTable("item")." i ON r.item_id = i.id
WHERE s.reservation_id='".$arr[0]."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$user_info = api_get_user_info($array[1]);
api_send_mail($user_info['mail'], str_replace('#NAME#', $array[2], get_lang("ReservationDeleteTitle")), str_replace('#START#', $array[3], str_replace('#END#', $array[4], str_replace('#NAME#', $array[2], get_lang("ReservationDeleteMessage")))));
$sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".$array[0]."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
$sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE id='".$arr[0]."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
}
@ -1180,7 +1180,7 @@ class Rsys {
where i.id = r.item_id
and r.id = '".$id."'
and i.creator ='".api_get_user_id()."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) != 0)
return 1;
return 0;
@ -1196,7 +1196,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE (cu.user_id='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." OR 1=".(Rsys :: is_owner_item("$id")? 1 : 0).") AND r.id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM'))
$arr[] = $array;
return $arr;
@ -1223,7 +1223,7 @@ class Rsys {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i1.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql), 0, 0);
}
function get_table_subcribed_reservations($from, $per_page, $column, $direction) {
@ -1260,10 +1260,10 @@ class Rsys {
$sql .= " AND (i1.name LIKE '%".$keyword."%' or c.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
/*$result = Database::query($sql, __FILE__, __LINE__);
/*$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM'))
$arr[] = $array;*/
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$row = array();
$row[] = $array[0];
@ -1302,7 +1302,7 @@ class Rsys {
if (isset ($_GET['rid'])) {
$sql .= " WHERE reservation_id = '".intval($_GET['rid'])."'";
}
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql), 0, 0);
}
function get_table_waiting_users($from, $per_page, $column, $direction) {
@ -1331,7 +1331,7 @@ class Rsys {
$sql .= " and r.id = '".Database::escape_string($_GET['rid'])."'";
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -1342,7 +1342,7 @@ class Rsys {
FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." cl
INNER JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = cl.id
WHERE cu.user_id=".$arr[$count][2]." LIMIT 1";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr2[] = $array;
}
@ -1384,13 +1384,13 @@ class Rsys {
$id = Database::escape_string($id);
$value = Database::escape_string($value);
$sql = "UPDATE ".Rsys :: getTable('subscription')." SET ACCEPTED='".$value."' WHERE dummy='".$id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$user_info = api_get_user_info($subscription[0]);
$sql = "SELECT name FROM ".Rsys :: getTable('subscription')." s
INNER JOIN ".Rsys :: getTable('reservation')." r ON s.reservation_id = r.id
INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id = i.id
WHERE dummy='".$id."'";
$items = Database::query($sql, __FILE__, __LINE__);
$items = Database::query($sql);
$item = Database::fetch_array($items);
$item_name = $item[0];
@ -1399,14 +1399,14 @@ class Rsys {
where id in ( SELECT reservation_id
from ".Rsys :: getTable('subscription')."
where dummy ='".$id."')";
$items = Database::query($sql, __FILE__, __LINE__);
$items = Database::query($sql);
$item = Database::fetch_array($items);
if ($item['timepicker'] == '1')
{
$sql = "SELECT start_at, end_at
from ".Rsys :: getTable('subscription')."
where dummy ='".$id."'";
$items = Database::query($sql, __FILE__, __LINE__);
$items = Database::query($sql);
$item = Database::fetch_array($items);
}
$begin_datum = $item['start_at'];
@ -1441,7 +1441,7 @@ class Rsys {
$sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
WHERE start_at > '".$start_at."' AND id='".$reservation_id."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) != 0){
$result2 = Database::fetch_array($result);
$GLOBALS['start_date'] = $result2[1];
@ -1451,7 +1451,7 @@ class Rsys {
$sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
WHERE end_at < '".$end_at."' AND id='".$reservation_id."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) != 0){
$result2 = Database::fetch_array($result);
$GLOBALS['start_date'] = $result2[1];
@ -1461,7 +1461,7 @@ class Rsys {
$sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation_id."' ORDER BY start_at";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result)) {
$GLOBALS['start_date'] = $array[4];
$GLOBALS['end_date'] = $array[5];
@ -1478,7 +1478,7 @@ class Rsys {
end_at < '".$end_at."')OR
(start_at <= '".$start_at."' AND
end_at >= '".$end_at."')) AND reservation_id='".$reservation_id."' ";
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql));
if (count($result) != 0){
$GLOBALS['start_date'] = $result[1];
$GLOBALS['end_date'] = $result[2];
@ -1500,7 +1500,7 @@ class Rsys {
*/
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) != 0)
return true;
return false;
@ -1517,17 +1517,17 @@ class Rsys {
$accepted = Database::escape_string($accepted);
$sql = "SELECT user_id FROM ".Rsys :: getTable("subscription")." WHERE user_id='".$user_id."' AND reservation_id='".$reservation_id."'";
if (Database::num_rows(Database::query($sql, __FILE__, __LINE__)) == 0) {
if (Database::num_rows(Database::query($sql)) == 0) {
$sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers+1 WHERE id='".$reservation_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "SELECT s.user_id, i.name, r.start_at, r.end_at
FROM ".Rsys :: getTable("subscription")." s
INNER JOIN ".Rsys :: getTable("reservation")." r ON s.reservation_id = r.id
INNER JOIN ".Rsys :: getTable("item")." i ON r.item_id = i.id
WHERE reservation_id='".$reservation_id."' AND user_id='".$user_id."'";
$result = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$result = Database::store_result(Database::query($sql));
$user_info = api_get_user_info();
$titel = str_replace('#ITEM#', $result[0][1], get_lang("ReservationMadeTitle"));
$inhoud = str_replace('#ITEM#', $result[0][1], str_replace('#START#', $result[0][2], str_replace('#END#', $result[0][3], get_lang("ReservationMadeMessage"))));
@ -1556,7 +1556,7 @@ class Rsys {
return 3;
}
$sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$end_date."')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return 0;
}
@ -1565,9 +1565,9 @@ class Rsys {
*/
function delete_subscription($reservation_id, $dummy) {
$sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".Database::escape_string($dummy)."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers-1 WHERE id='".Database::escape_string($reservation_id)."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
/**
@ -1594,7 +1594,7 @@ class Rsys {
INNER JOIN ".Rsys :: getTable("item")." i ON i.id=r.item_id
WHERE s.user_id = '".api_get_user_id()."'";
$sql .= "ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM'))
{ $row = array();
$row[] = $array[0];
@ -1641,7 +1641,7 @@ class Rsys {
INNER JOIN ".Rsys :: getTable("reservation")." r ON r.id = s.reservation_id
INNER JOIN ".Rsys :: getTable("item")." i ON i.id=r.item_id
WHERE s.user_id = '".api_get_user_id()."'";
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql), 0, 0);
}
/**
@ -1652,7 +1652,7 @@ class Rsys {
FROM ".Rsys::getTable('reservation')." r
INNER JOIN ".Rsys::getTable('item')." i ON r.item_id=i.id
WHERE i.id='".$item_id."'"; // AND r.subscribe_until < NOW() // TODO: subscribe_until controle
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while($array=Database::fetch_array($result))
$arr[$array['reservation_id']]=$array['start_at'].' - '.$array['end_at'];
return $arr;
@ -1682,7 +1682,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE r.item_id='".$itemid."' AND (((cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND
(r.start_at<='".$from."' AND r.end_at>='".$from."') OR (r.start_at>='".$from."' AND r.start_at<='".$till."')) ORDER BY start_at ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$max_start_at = -1;
$min_end_at = -1;
$ids = '';
@ -1705,7 +1705,7 @@ class Rsys {
}
$ids = substr($ids, 0, -1);
$sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE reservation_id IN (".$ids.") AND (start_at='0000-00-00 00:00:00' OR (start_at<='".$from."' AND end_at>='".$from."') OR (start_at>='".$from."' AND start_at<='".$till."')) ORDER BY start_at ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'ASSOC')) {
// echo $array['reservation_id'].': '.$array['start_at'].'-'.$array['end_at'].'<br />';
if ($rarr['reservations'][$array['reservation_id']]['info']['timepicker']) {
@ -1730,7 +1730,7 @@ class Rsys {
FROM ".Rsys :: getTable('reservation')." r
INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
WHERE r.id NOT IN (SELECT s.reservation_id FROM ".Rsys :: getTable('subscription')." s WHERE r.id=s.reservation_id AND s.user_id='".api_get_user_id()."') AND i.id='".$item_id."'"; // AND r.subscribe_until < NOW() // TODO: subscribe_until controle
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result))
$arr[$array['reservation_id']] = $array['start_at'].' - '.$array['end_at'];
return $arr;
@ -1748,7 +1748,7 @@ class Rsys {
// TODO: only return for current user...
$sql = "SELECT r.*,s.start_at AS tp_start,s.end_at AS tp_end,s.accepted FROM ".Rsys :: getTable('subscription')." s INNER JOIN ".Rsys :: getTable('reservation')." r ON s.reservation_id = r.id WHERE ((r.timepicker=0 AND r.start_at>='".$from."' AND r.end_at<='".$till."') OR (s.start_at>='".$from."' AND s.end_at<='".$till."'))";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($array = Database::fetch_array($result)) {
$arr[] = $array;
if ($arr['timepicker'] == 1) {
@ -1762,7 +1762,7 @@ class Rsys {
{
$item_name = Database::escape_string($item_name);
$sql = "SELECT id FROM ".Rsys :: getTable('item')." WHERE name='".$item_name."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$result_array = Database::fetch_array($result);
return $result_array['id'];
}

@ -88,7 +88,7 @@ if ($reservation[0][9] < $reservation[0][4]) {
$sql = "SELECT start_at, end_at FROM ".Rsys :: getTable('subscription')."
WHERE reservation_id='".$reservationid."' and end_at > NOW() ORDER BY start_at";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) != 0){
$start_end = "<ul>";
while ($array = Database::fetch_array($result)) {
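Review bot: `$reservationid` is concatenated directly into the `WHERE reservation_id='...'` clause, and nothing visible in this hunk casts or escapes it before `Database::query($sql)` runs. If the value can come from the request, constrain it before the string is built, for example `$reservationid = intval($reservationid);`, or pass it through `Database::escape_string()` as the `Rsys` methods elsewhere in this commit do. The enclosing block starts and ends outside the hunk, so an earlier sanitising step cannot be ruled out and should be confirmed. Since this commit touches every query call site anyway, it is a good moment to add a short comment above the query stating where the id was validated.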

@ -109,7 +109,7 @@ function show_documents($folder)
$item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$document_table = Database::get_course_table(TABLE_DOCUMENT);
$sql="SELECT * from $document_table docs, $item_property_table ip WHERE docs.id=ip.ref AND ip.tool = '".TOOL_DOCUMENT."' AND $visibility AND ip.to_group_id = 0 AND ip.to_user_id IS NULL ORDER BY docs.path ASC";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
if (!$folder)
@ -244,7 +244,7 @@ function store_resources($source_type, $source_id)
foreach ($addedresource as $resource_type)
{
$sql="INSERT INTO $resource_table (source_type, source_id, resource_type, resource_id) VALUES ('$source_type', '$source_id', '$resource_type', '".$addedresourceid[key($addedresource)]."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$i=key($addedresource);
next($addedresource);
}
@ -276,31 +276,31 @@ function display_addedresource_link($type, $id, $style='')
{
case 'Agenda':
$TABLEAGENDA = $_course['dbNameGlu'].'calendar_event';
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id");
$myrow = Database::fetch_array($result);
echo '<img src="../img/agenda.gif" align="middle" /> <a href="../calendar/agenda.php"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Ad_Valvas':
$tbl_announcement = $_course['dbNameGlu'].'announcement';
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id");
$myrow = Database::fetch_array($result);
echo '<img src="../img/valves.gif" align="middle" /> <a href="../announcements/announcements.php"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Link':
$TABLETOOLLINK = $_course['dbNameGlu'].'link';
$result = Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id");
$myrow = Database::fetch_array($result);
echo '<img src="../img/links.gif" align="middle" /> <a href="#" onclick="javascript:window.open(\'../link/link_goto.php?link_id='.$myrow['id'].'&amp;link_url='.urlencode($myrow['url'])."','MyWindow','width=500,height=400,top='+((screen.height-400)/2)+',left='+((screen.width-500)/2)+',scrollbars=1,resizable=1,menubar=1'); return false;\"".$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Exercise':
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result = Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id");
$myrow = Database::fetch_array($result);
echo '<img src="../img/quiz.gif" align="middle" /> <a href="../exercice/exercice_submit.php?exerciseId='.$myrow['id'].'"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Forum':
$TBL_FORUMS = $_course['dbNameGlu'].'bb_forums';
$result = Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id");
$myrow = Database::fetch_array($result);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewforum.php?forum='.$myrow['forum_id'].'&amp;md5='.$myrow['md5'].'"'.$styling.'>'.$myrow['forum_name']."</a><br />\n";
break;
@ -308,11 +308,11 @@ function display_addedresource_link($type, $id, $style='')
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu'].'bb_forums';
$result = Database::query("SELECT * FROM `$tbl_posts` posts, `$TBL_FORUMS` forum WHERE forum.forum_id=posts.forum_id and post_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_posts` posts, `$TBL_FORUMS` forum WHERE forum.forum_id=posts.forum_id and post_id=$id");
$myrow = Database::fetch_array($result);
// grabbing the title of the post
$sql_title = "SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_title = Database::query($sql_title,__FILE__,__LINE__);
$result_title = Database::query($sql_title);
$myrow_title = Database::fetch_array($result_title);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$myrow['topic_id'].'&amp;forum='.$myrow['forum_id'].'&amp;md5='.$myrow['md5'].'"'.$styling.'>'.$myrow_title['post_title']."</a><br />\n";
break;
@ -320,13 +320,13 @@ function display_addedresource_link($type, $id, $style='')
$tbl_post = Database::get_course_table(TABLE_FORUM_POST);
$tbl_post_text = Database::get_course_table(TOOL_FORUM_POST_TEXT_TABLE);
$sql = "SELECT * FROM $tbl_post p, $tbl_post_text t WHERE p.post_id = t.post_id AND p.post_id = $id";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$post = Database::fetch_object($result);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$post->topic_id.'&amp;forum='.$post->forum_id.'"'.$styling.'>'.$post->post_title."</a><br />\n";
break;
case 'Document':
$dbTable = $_course['dbNameGlu'].'document';
$result = Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$dbTable` WHERE id=$id");
$myrow = Database::fetch_array($result);
$pathname = explode('/',$myrow['path']); // making a correct name for the link
$last = count($pathname) - 1; // making a correct name for the link
@ -378,11 +378,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
{
case "Agenda":
$TABLEAGENDA = $_course['dbNameGlu']."calendar_event";
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id");
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
$agenda_id=$row['item_id'];
@ -427,11 +427,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Ad_Valvas":
$tbl_announcement = $_course['dbNameGlu']."announcement";
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id");
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["content"]=$row['title']; }
$desc=$row['description'];
$ann_id=$row['item_id'];
@ -486,11 +486,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Link" :
$TABLETOOLLINK = $_course['dbNameGlu']."link";
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id");
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -544,14 +544,14 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Exercise":
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id");
$myrow=Database::fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -609,7 +609,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -657,11 +657,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Forum":
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id");
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["forum_name"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -710,11 +710,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$sql="SELECT * FROM `$tbl_topics` where topic_id=$id";
$result= Database::query($sql,__FILE__,__LINE__);
$result= Database::query($sql);
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["topic_title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -761,15 +761,15 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id");
$myrow=Database::fetch_array($result);
// grabbing the title of the post
$sql_titel="SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_titel=Database::query($sql_titel,__FILE__,__LINE__);
$result_titel=Database::query($sql_titel);
$myrow_titel=Database::fetch_array($result_titel);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -822,7 +822,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Document":
$dbTable = $_course['dbNameGlu']."document";
$result=Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$result=Database::query("SELECT * FROM `$dbTable` WHERE id=$id");
$myrow=Database::fetch_array($result);
$pathname=explode("/",$myrow["path"]); // making a correct name for the link
@ -844,7 +844,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$image=choose_image($filename);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $filename=$row['title']; }
$desc=$row['description'];
@ -888,7 +888,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Assignments":
$name=get_lang('Assignments');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -935,7 +935,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Dropbox":
$name=get_lang('Dropbox');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -972,7 +972,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Introduction_text":
$name=get_lang('IntroductionText');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1011,7 +1011,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Course_description":
$name=get_lang('CourseDescription');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1049,7 +1049,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Groups":
$name=get_lang('Groups');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1086,7 +1086,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Users":
$name=get_lang('Users');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1151,11 +1151,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
{
case "Agenda":
$TABLEAGENDA = $_course['dbNameGlu']."calendar_event";
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id");
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
$agenda_id=$row['item_id'];
@ -1172,7 +1172,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Ad_Valvas":
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id");
$myrow=Database::fetch_array($result);
if ($builder != 'builder')
@ -1187,11 +1187,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Link" :
$TABLETOOLLINK = $_course['dbNameGlu']."link";
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id");
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
$thelink=$myrow["url"];
if ($builder != 'builder')
@ -1206,14 +1206,14 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Exercise":
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id");
$myrow=Database::fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
if ($builder != 'builder')
@ -1250,13 +1250,13 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Forum":
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id");
$myrow=Database::fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow["forum_name"]=$row['title']; }
if ($myrow["forum_name"]=='') { $type="Forum"; }
@ -1277,11 +1277,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$sql="SELECT * FROM `$tbl_topics` where topic_id=$id";
$result= Database::query($sql,__FILE__,__LINE__);
$result= Database::query($sql);
$myrow=Database::fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($builder != 'builder')
{
@ -1298,15 +1298,15 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id");
$myrow=Database::fetch_array($result);
// grabbing the title of the post
$sql_titel="SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_titel=Database::query($sql_titel,__FILE__,__LINE__);
$result_titel=Database::query($sql_titel);
$myrow_titel=Database::fetch_array($result_titel);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
$desc=$row['description'];
$link .= str_repeat("&nbsp;&gt;",$level);
@ -1337,7 +1337,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$filename=$pathname[$last]; // making a correct name for the link
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=Database::query($sql,__FILE__,__LINE__); $row=Database::fetch_array($result);
$result=Database::query($sql); $row=Database::fetch_array($result);
if ($builder != 'builder')
{
@ -1450,7 +1450,7 @@ function delete_one_added_resource($source_type, $source_id, $resource_type, $re
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$source_type' and source_id='$source_id' and resource_type='$resource_type' and resource_id='$resource_id'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
*/
/**
@ -1462,7 +1462,7 @@ function delete_added_resource($type, $id)
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
/**
@ -1476,7 +1476,7 @@ function delete_all_resources_type($type)
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
/**
@ -1487,7 +1487,7 @@ function check_added_resources($type, $id)
global $_course, $origin;
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$number_added=Database::num_rows($result);
if ($number_added<>0)
return true;
@ -1506,7 +1506,7 @@ function edit_added_resources($type, $id)
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id=$id";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
$addedresource[]=$row["resource_type"];
@ -1528,7 +1528,7 @@ function update_added_resources($type, $id)
// delete all the added resources for this item in the database;
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type' AND source_id='$id'";
//echo $sql;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
// store the resources from the session into the database
store_resources($type, $id);
@ -1549,7 +1549,7 @@ function display_added_resources($type, $id, $style='')
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
if ($origin != 'learnpath')

@ -124,12 +124,12 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
// get max display_order so far in this parent chapter
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_chapter WHERE learnpath_id = $learnpath_id "." AND parent_chapter_id = $chapter_id";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res);
$max_temp = $row[0];
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_item WHERE "." chapter_id = $chapter_id";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res);
$max_temp2 = $row[0];
if ($max_temp2 > $max_temp)
@ -142,7 +142,7 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
}
$sql = "INSERT INTO $tbl_learnpath_chapter "."(learnpath_id,chapter_name,chapter_description,parent_chapter_id,display_order) "." VALUES "."($learnpath_id, '$title', '$description', $chapter_id, $order )";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if ($res !== false)
{
$title = '';
@ -164,7 +164,7 @@ if (!empty ($_POST['external_link_submit']))
}
$sql = "INSERT INTO $link_table (url, title, category_id) VALUES ('$external_link','$external_link','$add_2_links')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$addedresource[] = "Link";
$addedresourceid[] = Database::insert_id();
$_SESSION['addedresource'] = $addedresource;
@ -209,7 +209,7 @@ if ($add)
$i = 0;
//calculating the last order of the items of this chapter
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_item WHERE chapter_id=$chapter_id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if(Database::num_rows($result)==0){
$lastorder_item = 0;
}else{
@ -217,7 +217,7 @@ if ($add)
$lastorder_item = ($row[0]);
}
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_chapter WHERE parent_chapter_id=$chapter_id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if(Database::num_rows($result)==0){
$lastorder_chapter = 0;
}else{
@ -232,7 +232,7 @@ if ($add)
if ($addedresource_item == "Chap")
{
$sql = "INSERT INTO $tbl_learnpath_chapter ("."'learnpath_id','chapter_name','chapter_description','parent_chapter_id','display_order'".") VALUES (".$learnpath_id.",'".$learnpath_chapter_name."','".$learnpath_chapter_description."',".$chapter_id.",".$lastorder.")";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
if (!$addedresourceassigned[$i])
@ -271,7 +271,7 @@ if ($add)
$addedresource_item .= ' '.$target;
}
$sql = "INSERT INTO $tbl_learnpath_item (id, chapter_id, item_type, item_id, display_order) VALUES ( '$autoid', '$chapter_id', '$addedresource_item','$addedresourceid[$i]','".$lastorder."')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$addedresourceassigned[$i] = 1;
$resource_added = true;
}
@ -722,7 +722,7 @@ if ($content == "Ad_Valvas")
$tbl_announcement = Database :: get_course_table(TABLE_ANNOUNCEMENT);
$sql = "SELECT * FROM ".$tbl_announcement." a, ".$item_property_table." i WHERE i.tool = '".TOOL_ANNOUNCEMENT."' AND a.id=i.ref AND i.visibility='1' AND i.to_group_id = 0 AND i.to_user_id IS NULL ORDER BY a.display_order ASC";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
while ($myrow = Database::fetch_array($result))
{
echo "<table width=\"100%\"><tr><td>";
@ -754,7 +754,7 @@ if ($content == "Forum")
if (!$forum and !$thread)
{
$sql = "SELECT * FROM ".$TBL_FORUMS." forums, ".$TBL_CATAGORIES." categories WHERE forums.cat_id=categories.cat_id ORDER BY forums.cat_id DESC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($myrow = Database::fetch_array($result))
{
if ($myrow["cat_title"] !== $old_cat_title)
@ -772,13 +772,13 @@ if ($content == "Forum")
{
// displaying the category title
$sql = "SELECT * FROM ".$TBL_CATAGORIES." WHERE cat_id=$category";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$myrow = Database::fetch_array($result);
echo "<tr><td bgcolor='#4171B5' colspan='2'><font color='white'><b>".$myrow["cat_title"]."</b></font></td></tr>";
// displaying the forum title
$sql = "SELECT * FROM ".$TBL_FORUMS." forums, ".$TBL_FORUMTOPICS." topics WHERE forums.forum_id=topics.forum_id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$myrow = Database::fetch_array($result);
echo "<tr><td bgcolor='#cccccc' colspan='2'><b>".$myrow["forum_name"]."</b></td></tr>";
@ -786,7 +786,7 @@ if ($content == "Forum")
{
// displaying all the threads of this forum
$sql = "SELECT * FROM ".$TBL_FORUMTOPICS." WHERE forum_id=$forum";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($myrow = Database::fetch_array($result))
{
echo "<tr><td><a href='".api_get_self()."?content=Forum&category=$category&forum=1&thread=".$myrow["topic_id"]."&action=$action&learnpath_id=$learnpath_id&chapter_id=$chapter_id&originalresource=no'>".$myrow["topic_title"]."</a> (".$myrow["prenom"]." ".$myrow["nom"].")</td><td>";
@ -798,7 +798,7 @@ if ($content == "Forum")
{
// displaying all the replies
$sql = "SELECT * FROM ".$tbl_posts." post, ".$tbl_posts_text." post_text WHERE post_text.post_id=post.post_id and post.topic_id=$thread ORDER BY post_text.post_id ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($myrow = Database::fetch_array($result))
{
echo "<tr><td><b>".$myrow["post_title"]."</b><br>";
@ -845,7 +845,7 @@ if ($content == "Link")
// showing the links that are in the root (having no category)
$sql = "SELECT * FROM ".$link_table." l, ".$item_property_table." ip WHERE (l.category_id=0 or l.category_id IS NULL) AND ip.tool = '".TOOL_LINK."' AND l.id=ip.ref AND ip.visibility='1'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
echo "<table width=\"100%\"><tr><td bgcolor=\"#E6E6E6\"><i>".get_lang('NoCategory')."</i></td></tr></table>";
@ -865,7 +865,7 @@ if ($content == "Link")
{
$sql_links = "SELECT * FROM ".$link_table." l, ".$item_property_table." ip WHERE l.category_id='".$myrow["id"]."' AND ip.tool = '".TOOL_LINK."' AND l.id=ip.ref AND ip.visibility='1' ORDER BY l.display_order DESC";
echo "<table width=\"100%\"><tr><td bgcolor=\"#E6E6E6\"><i>".$myrow["category_title"]."</i></td></tr></table>";
$result_links = Database::query($sql_links, __FILE__, __LINE__);
$result_links = Database::query($sql_links);
while ($myrow = Database::fetch_array($result_links))
{
echo "<img src='../img/links.gif' />".$myrow["title"];
@ -898,7 +898,7 @@ if (($content == "Exercise") or ($content == "HotPotatoes"))
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$documentPath = api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$sql = "SELECT * FROM ".$TBL_DOCUMENT." WHERE (path LIKE '%htm%' OR path LIKE '%html%') AND path LIKE '".$uploadPath."/%/%' ORDER BY `id` ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($myrow = Database::fetch_array($result))
{
$path = $myrow["path"];
@ -943,7 +943,7 @@ if ($content == "Externallink")
$tbl_categories = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql = "SELECT * FROM `$tbl_categories` ORDER BY display_order ASC";
echo $sql;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
echo "<option value='".$row["id"]."'>".$row["category_title"]."</option>";
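Review bot: The WHERE clauses in the `Forum` hunks interpolate `$category`, `$forum` and `$thread` unquoted (`WHERE cat_id=$category`, `WHERE forum_id=$forum`, `post.topic_id=$thread`), and the link built in the thread list passes the same names back as URL parameters, so they appear to be request-controlled; nothing visible in these hunks casts them. Since each of these calls is being touched anyway, cast at the point of use, e.g. `$sql = "SELECT * FROM ".$TBL_CATAGORIES." WHERE cat_id=".intval($category);`, and likewise for `$forum` and `$thread`. The same applies to `$learnpath_id` and `$chapter_id` in the `add_chapter` and `$add` hunks and to `'$external_link'` / `'$add_2_links'` in the external-link INSERT, unless they are sanitised above the hunks, which is not visible here. Separately, the `Externallink` hunk still has `echo $sql;` before the query, which prints the statement (including the course table name) into the page and should be removed.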

@ -15,7 +15,7 @@ function get_suggestions_from_search_engine($q) {
$sql_add = " AND course_code = '".$cid."' ";
}
$sql = "SELECT * FROM $table_sfv where value LIKE '%$q%'".$sql_add." ORDER BY course_code, tool_id, ref_id, field_id";
$sql_result = Database::query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql);
$data = array();
$i = 0;
while ($row = Database::fetch_array($sql_result)) {
@ -36,7 +36,7 @@ function get_suggestions_from_search_engine($q) {
$output = array();
$field_val = array();
$sql2 = "SELECT * FROM $table_sfv where course_code = '$cc' AND tool_id = '$ti' AND ref_id = '$ri' ORDER BY field_id";
$res2 = Database::query($sql2,__FILE__,__LINE__);
$res2 = Database::query($sql2);
// TODO this code doesn't manage multiple terms in one same field just yet (should duplicate results in this case)
$field_id = 0;
while ($row2 = Database::fetch_array($res2)) {
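Review bot: `$q` is placed inside the LIKE pattern as `'%$q%'` and `$cid` inside `course_code = '".$cid."'` with no escaping visible in the hunk; the body of `get_suggestions_from_search_engine()` starts above the hunk, so confirm both are escaped there, and if not add `$q = Database::escape_string($q);` before `$sql` is built. Escaping for the string literal still leaves `%` and `_` in `$q` acting as wildcards, so an input made only of those characters matches every row; escape them too if literal matching is intended. The second query puts `$cc`, `$ti` and `$ri` into quoted literals; they look like values read back from the first result set (assigned outside the hunk), and stored values need the same escaping before they are interpolated again.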

@ -1,4 +1,4 @@
<?php
<?php
/* For licensing terms, see /chamilo_license.txt */
/**
* @package dokeos.social
@ -33,17 +33,17 @@ function textarea_maxlength(){
document.forms[0].description.value = textarea;
}else{
textarea = document.forms[0].description.value;
}
}
}
function show_icon_edit(element_html) {
function show_icon_edit(element_html) {
ident="#edit_image";
$(ident).show();
}
}
function hide_icon_edit(element_html) {
ident="#edit_image";
$(ident).hide();
}
}
</script>';
$group_id = isset($_GET['id']) ? intval($_GET['id']) : intval($_POST['id']);
@ -55,7 +55,7 @@ $interbreadcrumb[] = array('url' => 'groups.php','name' => get_lang('Groups'));
$table_group = Database::get_main_table(TABLE_MAIN_GROUP);
$sql = "SELECT * FROM $table_group WHERE id = '".$group_id."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (Database::num_rows($res) != 1) {
header('Location: groups.php?id='.$group_id);
exit;
@ -63,8 +63,8 @@ if (Database::num_rows($res) != 1) {
//only group admins can edit the group
if (!GroupPortalManager::is_group_admin($group_id)) {
api_not_allowed();
}
api_not_allowed();
}
$group_data = Database::fetch_array($res, 'ASSOC');
@ -126,10 +126,10 @@ if ( $form->validate()) {
$name = $group['name'];
$description = $group['description'];
$url = $group['url'];
$url = $group['url'];
$status = intval($group['visibility']);
GroupPortalManager::update($group_id, $name, $description, $url, $status, $picture_uri);
GroupPortalManager::update($group_id, $name, $description, $url, $status, $picture_uri);
$tok = Security::get_token();
header('Location: groups.php?id='.$group_id.'&action=show_message&message='.urlencode(get_lang('GroupUpdated')).'&sec_token='.$tok);
exit();
@ -169,15 +169,15 @@ if ($image == '') {
//echo GroupPortalManager::show_group_column_information($group_id, api_get_user_id());
echo '<div id="social-content">';
echo '<div id="social-content-left">';
echo '<div id="social-content-left">';
//this include the social menu div
SocialManager::show_social_menu('group_edit',$group_id);
echo '</div>';
echo '<div id="social-content-right">';
// Display form
$form->display();
$form->display();
echo '</div>';
echo '</div>';
echo '</div>';
// Footer
Display::display_footer();

@ -4,7 +4,7 @@
* @package dokeos.social
* @author Julio Montoya <gugli100@gmail.com>
*/
// name of the language file that needs to be included
$language_file=array('userInfo');
@ -18,20 +18,20 @@ require_once ('../inc/lib/xajax/xajax.inc.php');
api_block_anonymous_users();
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/jquery.js" type="text/javascript" language="javascript"></script>'; //jQuery
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.js" type="text/javascript" language="javascript"></script>';
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.js" type="text/javascript" language="javascript"></script>';
$htmlHeadXtra[] = '<link rel="stylesheet" href="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.css" type="text/css" media="projection, screen">';
$htmlHeadXtra[] = '<script type="text/javascript">
function show_icon_edit(element_html) {
function show_icon_edit(element_html) {
ident="#edit_image";
$(ident).show();
}
}
function hide_icon_edit(element_html) {
ident="#edit_image";
$(ident).hide();
}
}
</script>';
$xajax = new xajax();
//$xajax->debugOn();
@ -75,8 +75,8 @@ if (empty($group_id)) {
}
//only admin or moderator can do that
if (!GroupPortalManager::is_group_member($group_id)) {
api_not_allowed();
}
api_not_allowed();
}
}
function search_users($needle,$type) {
@ -98,7 +98,7 @@ function search_users($needle,$type) {
$group_id = Database::escape_string($group_id);
// check id_user from session_rel_user table
$sql = 'SELECT id_user FROM '.$tbl_group_rel_user.' WHERE group_id ="'.(int)$group_id.'"';
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$user_ids = array();
if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) {
@ -148,7 +148,7 @@ function search_users($needle,$type) {
}
}
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$i=0;
if ($type=='single') {
while ($user = Database :: fetch_array($rs)) {
@ -230,28 +230,28 @@ if($_POST['form_sent']) {
$firstLetterUser = $_POST['firstLetterUser'];
$firstLetterSession = $_POST['firstLetterSession'];
$user_list = $_POST['sessionUsersList'];
$group_id = intval($_POST['id']);
if(!is_array($user_list)) {
$user_list=array();
}
if ($form_sent == 1) {
if ($form_sent == 1) {
//invite this users
$result = GroupPortalManager::add_users_to_groups($user_list, array($group_id), GROUP_USER_PERMISSION_PENDING_INVITATION);
$title = get_lang('YouAreInvitedToGroup').' '.$group_info['name'];
$content = get_lang('YouAreInvitedToGroupContent').' '.$group_info['name'].' <br />';
$content .= get_lang('ToSubscribeClickInTheLinkBelow').' <br />';
$content .= '<a href="'.api_get_path(WEB_CODE_PATH).'social/invitations.php?accept='.$group_id.'">'.get_lang('Subscribe').'</a>';
if (is_array($user_list) && count($user_list) > 0) {
//send invitation message
foreach($user_list as $user_id ){
$result = MessageManager::send_message($user_id, $title, $content);
$result = MessageManager::send_message($user_id, $title, $content);
}
}
}
}
}
$nosessionUsersList = $sessionUsersList = array();
@ -279,32 +279,32 @@ if ($ajax_search) {
WHERE access_url_id = $access_url_id
$order_clause";
}
}
$result=Database::query($sql,__FILE__,__LINE__);
}
$result=Database::query($sql);
$Users=Database::store_result($result);
foreach ($Users as $user) {
$sessionUsersList[$user['user_id']] = $user ;
}
} else {
$friends = SocialManager::get_friends(api_get_user_id());
} else {
$friends = SocialManager::get_friends(api_get_user_id());
$suggest_friends = false;
if (!$friends) {
$suggest_friends = true;
$suggest_friends = true;
} else {
foreach($friends as $friend) {
$group_friend_list = GroupPortalManager::get_groups_by_user($friend['friend_user_id'], 0);
//var_dump($group_friend_list);
$group_friend_list = GroupPortalManager::get_groups_by_user($friend['friend_user_id'], 0);
//var_dump($group_friend_list);
$friend_group_id = '';
if (isset($group_friend_list[$group_id]) && $group_friend_list[$group_id]['id'] == $group_id) {
$friend_group_id = $group_id;
}
//var_dump ($group_friend_list[$group_id]['relation_type']);
if ($group_friend_list[$group_id]['relation_type'] == '' ) {
if ($group_friend_list[$group_id]['relation_type'] == '' ) {
$Users[$friend['friend_user_id']]=array('user_id' => $friend['friend_user_id'], 'firstname' =>$friend['firstName'], 'lasttname' => $friend['lastName'], 'username' =>$friend['username'],'group_id'=>$friend_group_id );
}
}
}
}
if (is_array($Users) && count($Users) > 0 ) {
foreach ($Users as $user) {
@ -333,31 +333,31 @@ if ($add_type == 'multiple') {
//Shows left column
//echo GroupPortalManager::show_group_column_information($group_id, api_get_user_id());
echo '<div id="social-content">';
echo '<div id="social-content-left">';
echo '<div id="social-content-left">';
//this include the social menu div
SocialManager::show_social_menu('invite_friends',$group_id);
echo '</div>';
echo '<div id="social-content-right">';
if (count($nosessionUsersList) == 0) {
echo get_lang('YouNeedToHaveFriendsInYourSocialNetwork');
echo '<div>';
echo '<a href="search.php">'.get_lang('TryAndFindSomeFriends').'</a>';
echo '</div>';
echo '</div>'; // end layout right
echo '</div>'; //
echo '</div>'; //
Display::display_footer();
exit;
exit;
}
?>
<form name="formulaire" method="post" action="<?php echo api_get_self(); ?>?id=<?php echo $group_id; ?><?php if(!empty($_GET['add'])) echo '&add=true' ; ?>" style="margin:0px;" <?php if($ajax_search){echo ' onsubmit="valide();"';}?>>
<?php
@ -438,7 +438,7 @@ if(!empty($errorMsg)) {
?>
<div id="ajax_list_users_multiple">
<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:320px;">
<?php
<?php
foreach($nosessionUsersList as $enreg) {
?>
<option value="<?php echo $enreg['user_id']; ?>" <?php if(in_array($enreg['user_id'],$UserList)) echo 'selected="selected"'; ?>><?php echo api_get_person_name($enreg['firstname'], $enreg['lastname']).' ('.$enreg['username'].')'; ?></option>
@ -498,24 +498,24 @@ unset($sessionUsersList);
</form>
<?php
//current group members
//current group members
$members = GroupPortalManager::get_users_by_group($group_id, false, array(GROUP_USER_PERMISSION_PENDING_INVITATION));
if (is_array($members) && count($members)>0) {
foreach ($members as &$member) {
$image_path = UserManager::get_user_picture_path_by_id($member['user_id'], 'web', false, true);
$picture = UserManager::get_picture_user($member['user_id'], $image_path['file'],80);
$image_path = UserManager::get_user_picture_path_by_id($member['user_id'], 'web', false, true);
$picture = UserManager::get_picture_user($member['user_id'], $image_path['file'],80);
$member['image'] = '<img src="'.$picture['file'].'" width="50px" height="50px" />';
}
}
echo '<span class="social-groups-text1"><strong>'.get_lang('UsersAlreadyInvited').'</strong></span>';
Display::display_sortable_grid('invitation_profile', array(), $members, array('hide_navigation'=>true, 'per_page' => 100), $query_vars, false, array(true, false, true,true));
}
echo '</div>'; // end layout right
echo '</div>'; //
echo '</div>'; //
?>
<script type="text/javascript">
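Review bot: In the `form_sent` branch `$group_id` is reassigned from `$_POST['id']` after the `is_group_member($group_id)` check in the earlier hunk, and no check follows before `add_users_to_groups()` and the invitation messages are sent; if the earlier check ran on an id from a different source (not visible here), the posted group is never authorised. Repeat the check after the reassignment, `if (!GroupPortalManager::is_group_member($group_id)) { api_not_allowed(); }`, and cast the posted ids with `$user_list = array_map('intval', $user_list);` before they are used. The comment `//only admin or moderator can do that` does not match the call beneath it, which tests membership only, so either the comment or the check should change. The surrounding script code starts and ends outside these hunks.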

@ -4,7 +4,7 @@
* @package dokeos.social
* @author Julio Montoya <gugli100@gmail.com>
*/
$language_file = array('userInfo');
$cidReset = true;
@ -20,30 +20,30 @@ $show_full_profile = true;
$this_section = SECTION_SOCIAL;
$interbreadcrumb[]= array ('url' => 'home.php','name' => get_lang('Social'));
api_block_anonymous_users();
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/jquery.js" type="text/javascript" language="javascript"></script>'; //jQuery
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.js" type="text/javascript" language="javascript"></script>';
$htmlHeadXtra[] = '<link rel="stylesheet" href="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.css" type="text/css" media="projection, screen">';
$htmlHeadXtra[] = '<script type="text/javascript">
function show_icon_edit(element_html) {
function show_icon_edit(element_html) {
ident="#edit_image";
$(ident).show();
}
}
function hide_icon_edit(element_html) {
ident="#edit_image";
$(ident).hide();
}
}
</script>';
//fast upload image
if (api_get_setting('profile', 'picture') == 'true') {
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
$form = new FormValidator('profile', 'post', 'home.php', null, array());
// PICTURE
// PICTURE
$form->addElement('file', 'picture', get_lang('AddImage'));
$form->add_progress_bar();
if (!empty($user_data['picture_uri'])) {
@ -52,15 +52,15 @@ if (api_get_setting('profile', 'picture') == 'true') {
$allowed_picture_types = array ('jpg', 'jpeg', 'png', 'gif');
$form->addRule('picture', get_lang('OnlyImagesAllowed').' ('.implode(',', $allowed_picture_types).')', 'filetype', $allowed_picture_types);
$form->addElement('style_submit_button', 'apply_change', get_lang('SaveSettings'), 'class="save"');
if ($form->validate()) {
$user_data = $form->getSubmitValues();
// upload picture if a new one is provided
if ($_FILES['picture']['size']) {
if ($_FILES['picture']['size']) {
if ($new_picture = UserManager::update_user_picture(api_get_user_id(), $_FILES['picture']['name'], $_FILES['picture']['tmp_name'])) {
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "UPDATE $table_user SET picture_uri = '$new_picture' WHERE user_id = ".api_get_user_id();
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
}
}
@ -69,59 +69,59 @@ if (api_get_setting('profile', 'picture') == 'true') {
Display :: display_header(get_lang('Home'));
$user_info = UserManager :: get_user_info_by_id(api_get_user_id());
$user_online_list = WhoIsOnline(api_get_setting('time_limit_whosonline'),true);
$user_online_count = count($user_online_list);
$user_online_count = count($user_online_list);
echo '<div id="social-content">';
echo '<div id="social-content-left">';
echo '<div id="social-content-left">';
//this include the social menu div
SocialManager::show_social_menu('home');
SocialManager::show_social_menu('home');
echo '</div>';
echo '<div id="social-content-right">';
echo '<div class="social-box-main1">';
echo '<div class="social-box-left">';
// information current user
// information current user
echo '<div class="social-box-container1">
<div>'.Display::return_icon('boxmygroups.jpg').'</div>
<div class="social-box-content1">';
echo '<div>'.$image.'</div>';
echo '<div>'.$image.'</div>';
echo '<div><p><strong>'.get_lang('Name').'</strong><br /><span class="social-groups-text4">'.api_get_person_name($user_info['firstname'], $user_info['lastname']).'</span></p></div>
<div><p><strong>'.get_lang('Email').'</strong><br /><span class="social-groups-text4">'.($user_info['email']?$user_info['email']:'').'</span></p></div>
<div class="box_description_group_actions" ><a href="'.api_get_path(WEB_PATH).'main/auth/profile.php">'.Display::return_icon('profile_edit.png', get_lang('EditProfile'), array('hspace'=>'6')).get_lang('EditProfile').$url_close.'</a></div>
</div>
<div class="box_description_group_actions" ><a href="'.api_get_path(WEB_PATH).'main/auth/profile.php">'.Display::return_icon('profile_edit.png', get_lang('EditProfile'), array('hspace'=>'6')).get_lang('EditProfile').$url_close.'</a></div>
</div>
</div>';
if (count($user_online_list) > 0) {
echo '<div class="social-box-container1">
<div>'.Display::return_icon('boxmygroups.jpg').'</div>
<div class="social-box-content1">
<div><p class="groupTex3"><strong>'.get_lang('UsersOnline').'</strong> </p></div>
<div>';
echo '<center>'.SocialManager::display_user_list($user_online_list).'</center>';
<div>';
echo '<center>'.SocialManager::display_user_list($user_online_list).'</center>';
echo '</div>
</div>
</div>';
}
echo '</div>';
echo '<div class="social-box-right">';
echo '<br />';
echo UserManager::get_search_form($query);
echo '<br />';
$results = GroupPortalManager::get_groups_by_age(1,false);
echo '<br />';
$results = GroupPortalManager::get_groups_by_age(1,false);
$groups_newest = array();
foreach ($results as $result) {
$id = $result['id'];
@ -129,15 +129,15 @@ echo '<div id="social-content">';
$url_close = '</span></a>';
$count_users_group = count(GroupPortalManager::get_all_users_by_group($id));
if ($count_users_group == 1 ) {
$count_users_group = $count_users_group.' '.get_lang('Member');
$count_users_group = $count_users_group.' '.get_lang('Member');
} else {
$count_users_group = $count_users_group.' '.get_lang('Members');
}
$result['name'] = $url_open.api_ucwords(cut($result['name'],40,true)).' ('.$count_users_group.') '.$url_close.Display::return_icon('linegroups.jpg','').'<div>'.get_lang('DescriptionGroup').'</div>';
$picture = GroupPortalManager::get_picture_group($id, $result['picture_uri'],80);
$picture = GroupPortalManager::get_picture_group($id, $result['picture_uri'],80);
$result['picture_uri'] = '<img class="social-groups-image" src="'.$picture['file'].'" hspace="10" height="44" border="2" align="left" width="44" />';
$actions = '<div class="box_description_group_actions" ><a href="groups.php?view=newest">'.get_lang('SeeMore').$url_close.'</div>';
$actions = '<div class="box_description_group_actions" ><a href="groups.php?view=newest">'.get_lang('SeeMore').$url_close.'</div>';
$groups_newest[]= array($url_open.$result['picture_uri'].$url_close, $result['name'], cut($result['description'],120,true).$actions);
}
@ -145,36 +145,36 @@ echo '<div id="social-content">';
$groups_pop = array();
foreach ($results as $result) {
$id = $result['id'];
$url_open = '<a href="groups.php?id='.$id.'"><span class="social-groups-text1">';
$url_close = '</span></a>';
$url_close = '</span></a>';
if ($result['count'] == 1 ) {
$result['count'] = $result['count'].' '.get_lang('Member');
$result['count'] = $result['count'].' '.get_lang('Member');
} else {
$result['count'] = $result['count'].' '.get_lang('Members');
}
$result['name'] = $url_open.api_ucwords(cut($result['name'],40,true)).' ('.$result['count'].') '.$url_close.Display::return_icon('linegroups.jpg').'<div>'.get_lang('DescriptionGroup').'</div>';
$picture = GroupPortalManager::get_picture_group($id, $result['picture_uri'],80);
$picture = GroupPortalManager::get_picture_group($id, $result['picture_uri'],80);
$result['picture_uri'] = '<img class="social-groups-image" src="'.$picture['file'].'" hspace="10" height="44" border="2" align="left" width="44" />';
$actions = '<div class="box_description_group_actions" ><a href="groups.php?view=pop">'.get_lang('SeeMore').$url_close.'</div>';
$actions = '<div class="box_description_group_actions" ><a href="groups.php?view=pop">'.get_lang('SeeMore').$url_close.'</div>';
$groups_pop[]= array($url_open.$result['picture_uri'].$url_close, $result['name'], cut($result['description'],120,true).$actions);
}
if (count($groups_newest) > 0) {
echo '<div class="social-groups-home-title">'.api_strtoupper(get_lang('Newest')).'</div>';
if (count($groups_newest) > 0) {
echo '<div class="social-groups-home-title">'.api_strtoupper(get_lang('Newest')).'</div>';
Display::display_sortable_grid('home_group', array(), $groups_newest, array('hide_navigation'=>true, 'per_page' => 100), $query_vars, false, array(true, true, true,false));
echo '<br />';
echo '<br />';
}
if (count($groups_pop) > 0) {
echo '<div class="social-groups-home-title">'.api_strtoupper(get_lang('Popular')).'</div>';
Display::display_sortable_grid('home_group', array(), $groups_pop, array('hide_navigation'=>true, 'per_page' => 100), $query_vars, false, array(true, true, true,true,true));
}
echo '</div>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '</div>';
Display :: display_footer();

@ -62,7 +62,7 @@ require_once $libpath.'magpierss/rss_fetch.inc';
api_block_anonymous_users();
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/jquery.js" type="text/javascript" language="javascript"></script>'; //jQuery
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/jquery.corners.min.js" type="text/javascript" language="javascript"></script>';
$htmlHeadXtra[] = '<script src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/jquery.corners.min.js" type="text/javascript" language="javascript"></script>';
$htmlHeadXtra[] = '<script type="text/javascript" src="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.js"></script>';
$htmlHeadXtra[] = '<link rel="stylesheet" href="'.api_get_path(WEB_LIBRARY_PATH).'javascript/thickbox.css" type="text/css" media="projection, screen">';
$htmlHeadXtra[] = '
@ -177,18 +177,18 @@ function register_friend(element_input) {
});
}
}
function show_icon_edit(element_html) {
function show_icon_edit(element_html) {
ident="#edit_image";
$(ident).show();
}
}
function hide_icon_edit(element_html) {
ident="#edit_image";
$(ident).hide();
}
}
</script>';
if (isset($_GET['shared'])) {
@ -252,24 +252,24 @@ $user_online_list = WhoIsOnline(api_get_setting('time_limit_whosonline'), true);
$user_online_count = count($user_online_list);
echo '<div id="social-content">';
echo '<div id="social-content-left">';
echo '<div id="social-content-left">';
//this include the social menu div
SocialManager::show_social_menu('shared_profile', null, $user_id, $show_full_profile);
echo '</div>';
echo '<div id="social-content-right">';
echo '<div class="social-box-main1">';
echo '<div class="social-box-left">';
echo '<div class="social-box-main1">';
echo '<div class="social-box-left">';
echo '<div>'.Display::return_icon('boxmygroups.jpg').'</div>';
echo '<div class="social-box-content1">';
if (!empty($user_info['firstname']) || !empty($user_info['lastname'])) {
echo '<div><h3>'.api_get_person_name($user_info['firstname'], $user_info['lastname']).'</h3></div>';
} else {
//--- Basic Information
echo '<div><h3>'.get_lang('Information').'</h3></div>';
echo '<div><h3>'.get_lang('Information').'</h3></div>';
}
if ($show_full_profile) {
echo '<div class="social-profile-info">';
echo '<dt>'.get_lang('UserName').'</dt><dd>'. $user_info['username'].' </dd>';
@ -277,7 +277,7 @@ echo '<div id="social-content-right">';
echo '<dt>'.get_lang('Name').'</dt><dd>'. api_get_person_name($user_info['firstname'], $user_info['lastname']).'</dd>';*/
if (!empty($user_info['official_code']))
echo '<dt>'.get_lang('OfficialCode').'</dt><dd>'.$user_info['official_code'].'</dd>';
if (!empty($user_info['email']))
if (api_get_setting('show_email_addresses')=='true')
echo '<dt>'.get_lang('Email').'</dt><dd>'.$user_info['email'].'</dd>';
@ -292,9 +292,9 @@ echo '<div id="social-content-right">';
echo '<dt>'.get_lang('UserName').'</dt><dd>'. $user_info['username'].'</dd>';
echo '</div>';
}
echo '<div class="clear"></div>';
// Extra information
if ($show_full_profile) {
//-- Extra Data
@ -303,16 +303,16 @@ echo '<div id="social-content-right">';
$extra_user_data = UserManager::get_extra_user_data($user_id);
$extra_information = '';
if (is_array($extra_user_data) && count($extra_user_data)>0 ) {
$extra_information = '<br />';
$extra_information .= '<div><h3>'.get_lang('ExtraInformation').'</h3></div>';
$extra_information .='<div class="social-profile-info">';
$extra_information_value = '';
$extra_information_value = '';
foreach($extra_user_data as $key=>$data) {
// get display text, visibility and type from user_field table
$field_variable = str_replace('extra_','',$key);
$sql = "SELECT field_display_text,field_visible,field_type,id FROM $t_uf WHERE field_variable ='$field_variable'";
$res_field = Database::query($sql,__FILE__,__LINE__);
$res_field = Database::query($sql);
$row_field = Database::fetch_row($res_field);
$field_display_text = $row_field[0];
$field_visible = $row_field[1];
@ -328,7 +328,7 @@ echo '<div id="social-content-right">';
// get option display text from user_field_options table
foreach ($id_options as $id_option) {
$sql = "SELECT option_display_text FROM $t_ufo WHERE id = '$id_option'";
$res_options = Database::query($sql,__FILE__,__LINE__);
$res_options = Database::query($sql);
$row_options = Database::fetch_row($res_options);
$value_options[] = $row_options[0];
}
@ -339,8 +339,8 @@ echo '<div id="social-content-right">';
foreach ($user_tags as $tags) {
//$tag_tmp[] = $tags['tag'];
$tag_tmp[] = '<a href="'.api_get_path(WEB_PATH).'main/social/search.php?q='.$tags['tag'].'">'.$tags['tag'].'</a>';
}
if (is_array($user_tags) && count($user_tags)>0) {
}
if (is_array($user_tags) && count($user_tags)>0) {
$extra_information_value .= '<dt>'.ucfirst($field_display_text).':</dt><dd>'.implode(', ',$tag_tmp).'</dd>';
}
} else {
@ -356,22 +356,22 @@ echo '<div id="social-content-right">';
$extra_information .= $extra_information_value;
}
$extra_information .= '</div>';
}
}
// if there are information to show
if (!empty($extra_information_value)) echo $extra_information;
}
echo '</div>'; // close div tag .social-box-content1
echo '</div>'; // close div tag .social-box-left
if ($show_full_profile) {
echo '<div class="social-box-left">';
echo '<div>'.Display::return_icon('boxmygroups.jpg').'</div>';
echo '<div class="social-box-content1">';
$list_path_friends= $list_path_normal_friends = $list_path_parents = array();
//SOCIALGOODFRIEND , USER_RELATION_TYPE_FRIEND, USER_RELATION_TYPE_PARENT
@ -382,47 +382,47 @@ echo '<div id="social-content-right">';
$number_of_images = 6;
$number_friends = 0;
$list_friends_id = array();
$number_friends = count($friends);
$number_friends = count($friends);
if ($number_friends != 0) {
$friend_html.= '<div><h3>'.get_lang('SocialFriend').'</h3></div>';
if ($number_friends != 0) {
$friend_html.= '<div><h3>'.get_lang('SocialFriend').'</h3></div>';
$friend_html.= '<div id="friend-container" class="social-friend-container">';
$friend_html.= '<div id="friend-header" >';
if ($number_friends == 1) {
$friend_html.= '<div style="float:left;width:80%">'.$number_friends.' '.get_lang('Friend').'</div>';
} else {
$friend_html.= '<div style="float:left;width:80%">'.$number_friends.' '.get_lang('Friends').'</div>';
}
if ($number_friends > $number_of_images) {
if ($number_friends > $number_of_images) {
if (api_get_user_id() == $user_id) {
$friend_html.= '<div style="float:right;width:20%"><a href="friends.php">'.get_lang('SeeAll').'</a></div>';
} else {
$friend_html.= '<div style="float:right;width:20%"><a href="'.api_get_path(WEB_CODE_PATH).'social/profile_friends_and_groups.inc.php?view=friends&height=390&width=610&&user_id='.$user_id.'" class="thickbox" title="'.get_lang('SeeAll').'" >'.get_lang('SeeAll').'</a></div>';
}
}
$friend_html.= '</div>'; // close div friend-header
$j=1;
for ($k=0;$k<$number_friends;$k++) {
if ($j > $number_of_images) break;
if ($j > $number_of_images) break;
if (isset($friends[$k])) {
$friend = $friends[$k];
$friend = $friends[$k];
$name_user = api_get_person_name($friend['firstName'], $friend['lastName']);
$friend_html.='<div id=div_'.$friend['friend_user_id'].' class="image_friend_network" ><span><center>';
// the height = 92 must be the sqme in the image_friend_network span style in default.css
$friends_profile = SocialManager::get_picture_user($friend['friend_user_id'], $friend['image'], 92, USER_IMAGE_SIZE_MEDIUM , 'width="85" height="90" ');
$friend_html.='<a href="profile.php?u='.$friend['friend_user_id'].'&amp;'.$link_shared.'">';
$friend_html.='<img src="'.$friends_profile['file'].'" '.$friends_profile['style'].' id="imgfriend_'.$friend['friend_user_id'].'" title="'.$name_user.'" />';
$friend_html.= '</center></span>';
$friend_html.= '<center class="friend">'.$name_user.'</a></center>';
$friend_html.= '</div>';
}
}
$j++;
}
} else {
@ -435,94 +435,94 @@ echo '<div id="social-content-right">';
}
$friend_html.= '</div>';
echo $friend_html;
echo '</div>';
echo '</div>';
}
echo '</div>'; // close div tag .social-box-main1
if ($show_full_profile) {
// MY GROUPS
$results = GroupPortalManager::get_groups_by_user($my_user_id, 0);
// MY GROUPS
$results = GroupPortalManager::get_groups_by_user($my_user_id, 0);
$grid_my_groups = array();
$max_numbers_of_group = 4;
if (is_array($results) && count($results) > 0) {
$i = 1;
foreach ($results as $result) {
if ($i > $max_numbers_of_group) break;
foreach ($results as $result) {
if ($i > $max_numbers_of_group) break;
$id = $result['id'];
$url_open = '<a href="groups.php?id='.$id.'">';
$url_close = '</a>';
$icon = '';
$name = api_strtoupper(cut($result['name'],20,true));
if ($result['relation_type'] == GROUP_USER_PERMISSION_ADMIN) {
$icon = '';
$name = api_strtoupper(cut($result['name'],20,true));
if ($result['relation_type'] == GROUP_USER_PERMISSION_ADMIN) {
$icon = Display::return_icon('admin_star.png', get_lang('Admin'), array('style'=>'vertical-align:middle;width:16px;height:16px;'));
} elseif ($result['relation_type'] == GROUP_USER_PERMISSION_MODERATOR) {
} elseif ($result['relation_type'] == GROUP_USER_PERMISSION_MODERATOR) {
$icon = Display::return_icon('moderator_star.png', get_lang('Moderator'), array('style'=>'vertical-align:middle;width:16px;height:16px;'));
}
$count_users_group = count(GroupPortalManager::get_all_users_by_group($id));
if ($count_users_group == 1 ) {
$count_users_group = $count_users_group.' '.get_lang('Member');
$count_users_group = $count_users_group.' '.get_lang('Member');
} else {
$count_users_group = $count_users_group.' '.get_lang('Members');
}
}
$picture = GroupPortalManager::get_picture_group($result['id'], $result['picture_uri'],80);
$item_name = '<div class="box_shared_profile_group_title">'.$url_open.'<span class="social-groups-text1">'.api_strtoupper($name).'</span>'. $icon.$url_close.'</div>';
if ($result['description'] != '') {
if ($result['description'] != '') {
$item_description = '<div class="box_shared_profile_group_description"><span class="social-groups-text2">'.get_lang('DescriptionGroup').'</span><p class="social-groups-text4">'.cut($result['description'],100,true).'</p></div>';
} else {
$item_description = '<div class="box_shared_profile_group_description"><span class="social-groups-text2"></span><p class="social-groups-text4"></p></div>';
}
$result['picture_uri'] = '<div class="box_shared_profile_group_image"><img class="social-groups-image" src="'.$picture['file'].'" hspace="4" height="50" border="2" align="left" width="50" /></div>';
$item_actions = '';
if (api_get_user_id() == $user_id) {
$item_actions = '<div class="box_shared_profile_group_actions"><a href="groups.php?id='.$id.'">'.get_lang('SeeMore').$url_close.'</div>';
}
$item_actions = '<div class="box_shared_profile_group_actions"><a href="groups.php?id='.$id.'">'.get_lang('SeeMore').$url_close.'</div>';
}
$grid_my_groups[]= array($item_name,$url_open.$result['picture_uri'].$url_close, $item_description.$item_actions);
$i++;
$i++;
}
}
if (count($grid_my_groups) > 0) {
echo '<div class="social-box-main1">';
echo '<div class="social-box-main1">';
echo '<div class="social-box-container2">';
echo '<div>'.Display::return_icon('content-post-group1.jpg').'</div>';
echo '<div class="social-box-content2">';
echo '<div><h3>'.get_lang('MyGroups').'</h3></div>';
$count_groups = 0;
if (count($results) == 1 ) {
$count_groups = count($results).' '.get_lang('Group');
$count_groups = count($results).' '.get_lang('Group');
} else {
$count_groups = count($results).' '.get_lang('Groups');
}
echo '<div>'.$count_groups.'</div>';
if ($i > $max_numbers_of_group) {
if ($i > $max_numbers_of_group) {
if (api_get_user_id() == $user_id) {
echo '<div class="box_shared_profile_group_actions"><a href="groups.php?view=mygroups">'.get_lang('SeeAllMyGroups').'</a></div>';
echo '<div class="box_shared_profile_group_actions"><a href="groups.php?view=mygroups">'.get_lang('SeeAllMyGroups').'</a></div>';
} else {
echo '<div class="box_shared_profile_group_actions"><a href="'.api_get_path(WEB_CODE_PATH).'social/profile_friends_and_groups.inc.php?view=mygroups&height=390&width=610&&user_id='.$user_id.'" class="thickbox" title="'.get_lang('SeeAll').'" >'.get_lang('SeeAllMyGroups').'</a></div>';
echo '<div class="box_shared_profile_group_actions"><a href="'.api_get_path(WEB_CODE_PATH).'social/profile_friends_and_groups.inc.php?view=mygroups&height=390&width=610&&user_id='.$user_id.'" class="thickbox" title="'.get_lang('SeeAll').'" >'.get_lang('SeeAllMyGroups').'</a></div>';
}
}
Display::display_sortable_grid('shared_profile_mygroups', array(), $grid_my_groups, array('hide_navigation'=>true, 'per_page' => 2), $query_vars, false, array(true, true, true,false));
echo '</div>';
echo '</div>';
echo '</div>';
Display::display_sortable_grid('shared_profile_mygroups', array(), $grid_my_groups, array('hide_navigation'=>true, 'per_page' => 2), $query_vars, false, array(true, true, true,false));
echo '</div>';
echo '</div>';
echo '</div>';
}
// COURSES LIST
if ($show_full_profile) {
if ( is_array($list) ) {
echo '<div class="social-box-main1">';
echo '<div class="social-box-main1">';
echo '<div class="social-box-container2">';
echo '<div>'.Display::return_icon('content-post-group1.jpg').'</div>';
echo '<div class="social-box-content2">';
echo '<div><h3>'.api_ucfirst(get_lang('MyCourses')).'</h3></div>';
echo '<div class="social-box-content2">';
echo '<div><h3>'.api_ucfirst(get_lang('MyCourses')).'</h3></div>';
echo '<div class="social-content-training">';
//Courses whithout sessions
$old_user_category = 0;
@ -544,26 +544,26 @@ echo '<div id="social-content-right">';
} elseif ( !empty($value[2]) ) { //if there is a session but it is not active
$listInactives[] = $value;
}
}
echo '</div>';
echo '</div>';
}
echo '</div>';
echo '</div>';
echo '</div>';
}
}
// user feeds
if ($show_full_profile) {
$user_feeds = SocialManager::get_user_feeds($user_id);
if (!empty($user_feeds )) {
echo '<div class="social-box-main1">';
if (!empty($user_feeds )) {
echo '<div class="social-box-main1">';
echo '<div class="social-box-container2">';
echo '<div>'.Display::return_icon('content-post-group1.jpg').'</div>';
echo '<div class="social-box-content2">';
echo '<div><h3>'.get_lang('RSSFeeds').'</h3></div>';
echo '<div><h3>'.get_lang('RSSFeeds').'</h3></div>';
echo '<div class="social-content-training">'.$user_feeds.'</div>';
//echo '<div class="clear"></div>';
echo '</div>';
echo '</div>';
//echo '<div class="clear"></div>';
echo '</div>';
echo '</div>';
echo '</div>';
}
}
@ -579,18 +579,18 @@ echo '<div id="social-content-right">';
}
$count_pending_invitations = 0;
if (!isset($_GET['u']) || (isset($_GET['u']) && $_GET['u']==api_get_user_id())) {
if (!isset($_GET['u']) || (isset($_GET['u']) && $_GET['u']==api_get_user_id())) {
$pending_invitations = SocialManager::get_list_invitation_of_friends_by_user_id(api_get_user_id());
$list_get_path_web=SocialManager::get_list_web_path_user_invitation_by_user_id(api_get_user_id());
$count_pending_invitations = count($pending_invitations);
}
echo '<div class="social-box-main1">';
if (!empty($production_list) || !empty($file_list) || $count_pending_invitations > 0) {
echo '<div class="social-box-left">';
echo '<div class="social-box-left">';
//Pending invitations
if (!isset($_GET['u']) || (isset($_GET['u']) && $_GET['u']==api_get_user_id())) {
if (!isset($_GET['u']) || (isset($_GET['u']) && $_GET['u']==api_get_user_id())) {
if ($count_pending_invitations > 0) {
echo '<div>'.Display::return_icon('boxmygroups.jpg').'</div>';
echo '<div class="social-box-content1">';
@ -612,28 +612,28 @@ echo '<div id="social-content-right">';
echo '</div>';
}
}
echo '<div>'.Display::return_icon('boxmygroups.jpg').'</div>';
echo '<div class="social-box-content1">';
//--Productions
//--Productions
$production_list = UserManager::build_production_list($user_id);
if (!empty($production_list )) {
echo '<div><h3>'.get_lang('MyProductions').'</h3></div>';
echo '<div class="rounded1">';
echo $production_list;
echo '</div>';
echo '</div>';
}
// Images uploaded by course
// Images uploaded by course
if (!empty($file_list)) {
echo '<div><h3>'.get_lang('ImagesUploaded').'</h3></div>';
echo '<div class="social-content-information">';
echo $file_list;
echo '</div>';
}
echo '</div>'; // close div tag .social-box-content1
}
echo '</div>'; // close div tag .social-box-content1
echo '</div>'; // close div tag .social-box-left
}
if (!empty($user_info['competences']) || !empty($user_info['diplomas']) || !empty($user_info['openarea']) || !empty($user_info['teach']) ) {
if (!empty($user_info['competences']) || !empty($user_info['diplomas']) || !empty($user_info['openarea']) || !empty($user_info['teach']) ) {
echo '<div class="social-box-left">';
echo '<div>'.Display::return_icon('boxmygroups.jpg').'</div>';
echo '<div class="social-box-content1">';
@ -647,11 +647,11 @@ echo '<div id="social-content-right">';
echo '<div class="social-profile-extended">'.$user_info['competences'].'</div>';
echo '</div>';
echo '<br />';
}
}
if (!empty($user_info['diplomas'])) {
echo '<div class="social-background-content" style="width:100%;" >';
echo '<div class="social-actions-message"><strong>'.get_lang('MyDiplomas').'</strong></div>';
echo '<div class="social-profile-extended">'.$user_info['diplomas'].'</div>';
echo '<div class="social-profile-extended">'.$user_info['diplomas'].'</div>';
echo '</div>';
echo '<br />';
}
@ -669,11 +669,11 @@ echo '<div id="social-content-right">';
echo '</div>';
echo '<br />';
}
echo '</div>';
echo '</div>';
echo '</div>';
echo '</div>';
}
echo '</div>'; // close div tag .social-box-main
}
echo '</div>'; // close div tag .socialContentRight
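Review bot: In the `@ -339,8` hunk the tag link prints `$tags['tag']` twice without encoding, once inside the `href` query string and once as the link text, so a tag containing quotes or markup would be rendered as HTML on every profile that lists it. The code that fills `$user_tags` is outside the hunk; if tags are free text entered by users, encode per context: `'main/social/search.php?q='.urlencode($tags['tag']).'">'.htmlspecialchars($tags['tag'], ENT_QUOTES).'</a>'`. The queries in the `@ -303,16` and `@ -328,7` hunks also place `$field_variable` and `$id_option` into SQL without `Database::escape_string()`, which the survey files in this same commit apply to comparable values.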

@ -93,7 +93,7 @@ if ($invitationcode == "auto" && isset($_GET['scode'])){
$autoInvitationcode = "auto-$userid-".$scode; //new invitation code from userid
// the survey code must exist in this course, or the URL is invalid
$sql = "SELECT * FROM $table_survey WHERE code='" . $scode . "'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database :: num_rows($result) > 0){ // ok
// check availability
$row = Database :: fetch_array($result, 'ASSOC'); //
@ -101,11 +101,11 @@ if ($invitationcode == "auto" && isset($_GET['scode'])){
check_time_availability($tempdata); //exit if survey not available anymore
// check for double invitation records (insert should be done once)
$sql = "SELECT user from $table_survey_invitation where invitation_code = '".Database::escape_string($autoInvitationcode)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database :: num_rows($result) == 0){ // ok
$sql = "insert into $table_survey_invitation (survey_code,user, invitation_code, invitation_date) ";
$sql .= " values (\"$scode\", \"$userid\", \"$autoInvitationcode\", now())";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
// from here we use the new invitationcode auto-userid-surveycode string
$_GET['invitationcode'] = $autoInvitationcode;
@ -136,7 +136,7 @@ if ($survey_invitation['answered'] == 1 && !isset($_GET['user_id']))
// checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 1)
{
@ -179,7 +179,7 @@ if (count($_POST)>0)
{
// getting all the types of the question (because of the special treatment of the score question type
$sql = "SELECT * FROM $table_survey_question WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -222,7 +222,7 @@ if (count($_POST)>0)
if ($types[$survey_question_id] == 'percentage')
{
$sql = "SELECT * FROM $table_survey_question_option WHERE question_option_id='".Database::escape_string($value)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$option_value = $row['option_text'];
} else {
@ -253,7 +253,7 @@ if (count($_POST)>0)
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
AND survey_group_pri='0' $shuffle
";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
// there is only one question type for conditional surveys
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -271,7 +271,7 @@ if (count($_POST)>0)
// we select the correct answer and the puntuacion
$sql = "SELECT value FROM $table_survey_question_option " .
" WHERE question_option_id='".Database::escape_string($value)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$option_value = $row['value'];
//$option_value = 0;
@ -569,7 +569,7 @@ if ($survey_data['form_fields'] && $survey_data['anonymous'] == 0 && is_array($u
// remove trailing , from the query we have so far
$sql = rtrim($sql, ',');
$sql .= " WHERE user_id = '" . $user_id . "'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
//update the extra fields
if (is_array($extras)) {
foreach ($extras as $key => $value) {
@ -634,7 +634,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
if($row['type'] == 'pagebreak')
@ -682,7 +682,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
ORDER BY survey_question.sort, survey_question_option.sort ASC";
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$question_counter_max = Database::num_rows($result);
$counter = 0;
$limit=0;
@ -734,7 +734,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
ORDER BY survey_group_pri
";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database :: fetch_array($result)) {
$answer_list['value']=$row['value'];
$answer_list['group']=$row['survey_group_pri'];
@ -755,7 +755,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
GROUP BY temp.survey_group_pri
ORDER BY temp.survey_group_pri";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
$list['value']=$row['value'];
@ -955,7 +955,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
WHERE survey_id = '".$my_survey_id."'
AND ($secondary )
ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$counter=0;
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -1005,7 +1005,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
AND survey_question.question_id IN (".implode(',',$paged_questions_sec[$val]).")
ORDER $shuffle ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$question_counter_max = Database::num_rows($result);
$counter = 0;
$limit=0;
@ -1069,7 +1069,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
AND survey_group_sec1='0' AND survey_group_sec2='0'
ORDER ".$order_sql." ";
//echo "<br>";echo "<br>";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$counter=0;
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -1124,7 +1124,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
WHERE survey_question.survey_id = '" . Database :: escape_string($survey_invitation['survey_id']) . "'
AND survey_question.question_id IN (" .$imploded. ")
ORDER $order_sql ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$question_counter_max = Database :: num_rows($result);
}
}
@ -1167,7 +1167,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
// selecting the maximum number of pages
$sql = "SELECT * FROM $table_survey_question WHERE type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_invitation['survey_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$numberofpages = Database::num_rows($result) + 1;
// Displaying the form with the questions
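Review bot: The auto-invitation branch (`@ -93,7` and `@ -101,11` hunks) concatenates `$scode`, `$userid` and `$autoInvitationcode` into the SELECT and the INSERT without escaping, although the hunk header shows the branch is entered on `$_GET['scode']` and the duplicate check just above the INSERT does escape `$autoInvitationcode`. The assignment of `$scode` is outside the hunk, so confirm whether it is already filtered; if it is not, write the SELECT as `code='".Database::escape_string($scode)."'` and escape the three INSERT values the same way. The `WHERE user_id = '" . $user_id . "'` update in the `@ -569,7` hunk follows the same unescaped pattern and deserves the same check.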

@ -120,7 +120,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_id)."'
ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
@ -142,9 +142,9 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
AND survey_question.question_id IN (".Database::escape_string(implode(',',$paged_questions[$_GET['show']])).")
ORDER BY survey_question.sort, survey_question_option.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$question_counter_max = Database::num_rows($result);
$limit=0;
$result = Database::query($sql);
$question_counter_max = Database::num_rows($result);
$limit=0;
while ($row = Database::fetch_array($result))
{
// if the type is not a pagebreak we store it in the $questions array
@ -169,7 +169,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
}
// selecting the maximum number of pages
$sql = "SELECT * FROM $table_survey_question WHERE type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_id)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$numberofpages = Database::num_rows($result) + 1;
// Displaying the form with the questions
if (isset($_GET['show']))
@ -181,7 +181,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
$show = 0;
}
echo '<form id="question" name="question" method="post" action="'.api_get_self().'?survey_id='.Security::remove_XSS($survey_id).'&show='.$show.'">';
if(is_array($questions) && count($questions)>0)
{
foreach ($questions as $key=>$question)
@ -190,7 +190,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
$display->render_question($question);
}
}
if (($show < $numberofpages) || (!$_GET['show'] && count($questions) > 0))
{
echo '<br /><button type="submit" name="next_survey_page" class="next">'.get_lang('NextQuestion').' </button>';
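Review bot: In the `@ -142,9` hunk `Database::escape_string()` is applied to the whole comma-joined id list that is placed in an unquoted `IN (...)`, where string escaping does not restrict the content to numbers. Casting each element states the intent and removes the dependency on how `$paged_questions` was filled: `implode(',', array_map('intval', $paged_questions[$_GET['show']]))`. `$_GET['show']` is also used directly as the array index, and `$show` is printed into the form action in the `@ -181,7` hunk; its assignment is outside the hunk, so an `(int)` cast plus an `isset($paged_questions[...])` check before the query would cover a missing or non-numeric page value.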

@ -89,7 +89,7 @@ if (api_strlen(strip_tags($survey_data['title'])) > 40) {
if($survey_data['survey_type']==1) {
$sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).' WHERE survey_id = '.(int)$_GET['survey_id'].' LIMIT 1';
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
if(Database::num_rows($rs)===0) {
header('Location: survey.php?survey_id='.(int)$_GET['survey_id'].'&message='.'YouNeedToCreateGroups');
exit;

@ -46,7 +46,7 @@ function check_download_survey($course, $invitation, $doc_url) {
// now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($invitation)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) < 1)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
@ -72,7 +72,7 @@ function check_download_survey($course, $invitation, $doc_url) {
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 1)
{
if ($_POST['language'])
@ -115,7 +115,7 @@ function check_download_survey($course, $invitation, $doc_url) {
and (
option_text LIKE '%$doc_url%'
)";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) == 0)
{
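Review bot: In the third hunk, the query ending in `option_text LIKE '%$doc_url%'` interpolates the `$doc_url` parameter of `check_download_survey()` into the SQL string with no escaping visible, whereas the first two hunks pass `$invitation` and `$survey_invitation['survey_code']` through `Database::escape_string()`. The statement begins above the hunk, so `$doc_url` may already be sanitised earlier in the function. If it is not, this is a SQL injection point in what appears to be the download authorisation check, and the line should read `option_text LIKE '%".Database::escape_string($doc_url)."%'`. Even once escaped, any `%` or `_` inside `$doc_url` still acts as a LIKE wildcard, so the match can be broader than the exact document URL. Neutralising those characters before escaping, for example `Database::escape_string(addcslashes($doc_url, '%_'))`, keeps the comparison literal.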

@ -84,7 +84,7 @@ class survey_manager
}
$sql = "SELECT * FROM $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$return = array();
if (Database::num_rows($result)> 0) {
@ -141,7 +141,7 @@ class survey_manager
{
// check if the code doesn't soon exists in this language
$sql = 'SELECT 1 FROM '.$table_survey.' WHERE code="'.Database::escape_string($values['survey_code']).'" AND lang="'.Database::escape_string($values['survey_language']).'"';
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if(Database::num_rows($rs)>0)
{
$return['message'] = 'ThisSurveyCodeSoonExistsInThisLanguage';
@ -216,10 +216,10 @@ class survey_manager
{
$additional['columns'] .= ', survey_version';
$sql = 'SELECT survey_version FROM '.$table_survey.' WHERE parent_id = '.Database::escape_string($values['parent_id']).' ORDER BY survey_version DESC LIMIT 1';
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
if(Database::num_rows($rs)===0) {
$sql = 'SELECT survey_version FROM '.$table_survey.' WHERE survey_id = '.Database::escape_string($values['parent_id']);
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
$getversion = Database::fetch_array($rs,ASSOC);
if(empty($getversion['survey_version']))
{
@ -271,7 +271,7 @@ class survey_manager
'".Database::escape_string($values['anonymous'])."'".$additional['values'].",
".intval($_SESSION['id_session'])."
)";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$survey_id = Database::insert_id();
if ($survey_id > 0) {
//insert into item_property
@ -293,7 +293,7 @@ class survey_manager
// check if the code doesn't soon exists in this language
$sql = 'SELECT 1 FROM '.$table_survey.' WHERE code="'.Database::escape_string($values['survey_code']).'" AND lang="'.Database::escape_string($values['survey_language']).'" AND survey_id!='.intval($values['survey_id']);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if(Database::num_rows($rs)>0)
{
$return['message'] = 'ThisSurveyCodeSoonExistsInThisLanguage';
@ -354,7 +354,7 @@ class survey_manager
surveythanks = '".Database::escape_string($values['survey_thanks'])."',
anonymous = '".Database::escape_string($values['anonymous'])."'".$additionalsets."
WHERE survey_id = '".Database::escape_string($values['survey_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
//update into item_property (update)
api_item_property_update(api_get_course_info(), TOOL_SURVEY, Database::escape_string($values['survey_id']), 'SurveyUpdated', api_get_user_id());
@ -400,7 +400,7 @@ class survey_manager
'".Database::escape_string($values['survey_thanks'])."',
'".date('Y-m-d H:i:s')."',
'".$_course['id']."')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$return = Database::insert_id();
}
else
@ -415,7 +415,7 @@ class survey_manager
intro = '".Database::escape_string($values['survey_introduction'])."',
surveythanks = '".Database::escape_string($values['survey_thanks'])."'
WHERE survey_id = '".Database::escape_string($values['survey_share']['survey_share'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$return = $values['survey_share']['survey_share'];
}
return $return;
@ -442,11 +442,11 @@ class survey_manager
// deleting the survey
$sql = "DELETE from $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
// deleting groups of this survey
$sql = "DELETE from $table_survey_question_group WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
// deleting the questions of the survey
survey_manager::delete_all_survey_questions($survey_id, $shared);
@ -467,33 +467,33 @@ class survey_manager
$parent_survey = Database::escape_string($parent_survey);
//get groups
$sql = "SELECT * from $table_survey_question_group WHERE survey_id='".$parent_survey."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)===0) return true;
while($row = Database::fetch_array($res,ASSOC)){
$sql1 = 'INSERT INTO '.$table_survey_question_group.' (name,description,survey_id) VALUES (\''.Database::escape_string($row['name']).'\',\''.Database::escape_string($row['description']).'\',\''.$new_survey_id.'\')';
$res1 = Database::query($sql1, __FILE__, __LINE__);
$res1 = Database::query($sql1);
$group_id[$row['id']] = Database::insert_id();
}
//get questions
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".$parent_survey."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
while($row = Database::fetch_array($res,ASSOC)){
$sql2 = 'INSERT INTO '.$table_survey_question.' (survey_id,survey_question,survey_question_comment,type,display,sort,shared_question_id,max_value,survey_group_pri,survey_group_sec1,survey_group_sec2) VALUES '.
'(\''.$new_survey_id.'\',\''.Database::escape_string($row['survey_question']).'\',\''.Database::escape_string($row['survey_comment']).'\',\''.$row['type'].'\',\''.$row['display'].'\',\''.$row['sort'].'\',\''.$row['shared_question_id'].'\',\''.$row['max_value'].
'\',\''.$group_id[$row['survey_group_pri']].'\',\''.$group_id[$row['survey_group_sec1']].'\',\''.$group_id[$row['survey_group_sec2']].'\')';
$res2 = Database::query($sql2, __FILE__, __LINE__);
$res2 = Database::query($sql2);
$question_id[$row['question_id']] = Database::insert_id();
}
//get questions options
$sql = "SELECT * FROM $table_survey_options WHERE survey_id='".$parent_survey."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
while($row = Database::fetch_array($res,ASSOC)){
$sql3 = 'INSERT INTO '.$table_survey_options.' (question_id,survey_id,option_text,sort,value) VALUES ('.
"'".$question_id[$row['question_id']]."','".$new_survey_id."','".Database::escape_string($row['option_text'])."','".$row['sort']."','".$row['value']."')";
$res3 = Database::query($sql3, __FILE__, __LINE__);
$res3 = Database::query($sql3);
}
return true;
}
@ -522,13 +522,13 @@ class survey_manager
}
$sql = 'DELETE FROM '.$table_survey_invitation.' WHERE survey_code = "'.Database::escape_string($datas['code']).'" '.$session_where.' ';
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = 'DELETE FROM '.$table_survey_answer.' WHERE survey_id='.intval($survey_id);
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = 'UPDATE '.$table_survey.' SET invited=0, answered=0 WHERE survey_id='.intval($survey_id);
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return true;
}
@ -556,11 +556,11 @@ class survey_manager
// storing this value in the survey table
$sql = "UPDATE $table_survey SET answered = '".Database::escape_string($number)."' WHERE survey_id = '".Database::escape_string($survey_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
// storing that the user has finished the survey.
$sql = "UPDATE $table_survey_invitation SET answered='1' WHERE session_id='".api_get_session_id()."' AND user='".Database::escape_string($user)."' AND survey_code='".Database::escape_string($survey_code)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
}
/**
@ -657,7 +657,7 @@ class survey_manager
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE question_id='".Database::escape_string($question_id)."' ORDER BY `sort`";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$return['survey_id'] = $row['survey_id'];
$return['question_id'] = $row['question_id'];
@ -681,7 +681,7 @@ class survey_manager
// getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option WHERE question_id='".Database::escape_string($question_id)."' ORDER BY `sort` ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
/** @todo this should be renamed to options instead of answers */
@ -715,7 +715,7 @@ class survey_manager
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
$return[$row['question_id']]['survey_id'] = $row['survey_id'];
@ -730,7 +730,7 @@ class survey_manager
// getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
$return[$row['question_id']]['answers'][] = $row['option_text'];
@ -814,7 +814,7 @@ class survey_manager
{
// finding the max sort order of the questions in the given survey
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($form_content['survey_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$max_sort = $row['max_sort'];
@ -845,7 +845,7 @@ class survey_manager
'".Database::escape_string($form_content['maximum_score'])."'".
$additional['value']."
)";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$question_id = Database::insert_id();
$form_content['question_id'] = $question_id;
$return_message = 'QuestionAdded';
@ -874,7 +874,7 @@ class survey_manager
max_value = '".Database::escape_string($form_content['maximum_score'])."'" .
$additionalsets."
WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$return_message = 'QuestionUpdated';
}
// storing the options of the question
@ -917,7 +917,7 @@ class survey_manager
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question
WHERE survey_id='".Database::escape_string($survey_data['survey_share'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$max_sort = $row['max_sort'];
@ -930,7 +930,7 @@ class survey_manager
'".Database::escape_string($form_content['horizontalvertical'])."',
'".Database::escape_string($max_sort+1)."',
'".Database::escape_string($_course['id'])."')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$shared_question_id = Database::insert_id();
}
// updating an existing question
@ -943,7 +943,7 @@ class survey_manager
display = '".Database::escape_string($form_content['horizontalvertical'])."'
WHERE question_id = '".Database::escape_string($form_content['shared_question_id'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$shared_question_id = $form_content['shared_question_id'];
}
@ -976,7 +976,7 @@ class survey_manager
// finding the two questions that needs to be swapped
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' ORDER BY sort $sort";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$found = false;
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -995,9 +995,9 @@ class survey_manager
}
$sql1 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_two)."' WHERE question_id='".Database::escape_string($question_id_one)."'";
$result = Database::query($sql1, __FILE__, __LINE__);
$result = Database::query($sql1);
$sql2 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_one)."' WHERE question_id='".Database::escape_string($question_id_two)."'";
$result = Database::query($sql2, __FILE__, __LINE__);
$result = Database::query($sql2);
}
@ -1022,7 +1022,7 @@ class survey_manager
// deleting the survey questions
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
// deleting all the options of the questions of the survey
survey_manager::delete_all_survey_questions_options($survey_id, $shared);
@ -1055,7 +1055,7 @@ class survey_manager
// deleting the survey questions
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
// deleting the options of the question of the survey
@ -1084,11 +1084,11 @@ class survey_manager
// deleting the survey questions
$sql = "DELETE FROM $table_survey_question WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
// deleting the options of the question of the survey question
$sql = "DELETE FROM $table_survey_question_option WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
}
/******************************************************************************************************
@ -1128,7 +1128,7 @@ class survey_manager
if (is_numeric($form_content['question_id']))
{
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
$counter=1;
@ -1143,7 +1143,7 @@ class survey_manager
'".Database::escape_string($form_content['answers'][$i])."',
'".Database::escape_string($form_content['values'][$i])."',
'".Database::escape_string($counter)."')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$counter++;
}
@ -1170,7 +1170,7 @@ class survey_manager
// we are editing a question so we first have to remove all the existing options from the database
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['shared_question_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$counter = 1;
@ -1181,7 +1181,7 @@ class survey_manager
'".Database::escape_string($survey_data['is_shared'])."',
'".Database::escape_string($answer)."',
'".Database::escape_string($counter)."')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$counter++;
}
}
@ -1216,7 +1216,7 @@ class survey_manager
// deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
return true;
}
@ -1243,7 +1243,7 @@ class survey_manager
// deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
return true;
}
@ -1268,7 +1268,7 @@ class survey_manager
*/
function delete_all_survey_answers($survey_id) {
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
Database::query('DELETE FROM '.$table_survey_answer.' WHERE survey_id='.$survey_id,__FILE__,__LINE__);
Database::query('DELETE FROM '.$table_survey_answer.' WHERE survey_id='.$survey_id);
return true;
}
@ -1309,7 +1309,7 @@ class survey_manager
{
$sql = "SELECT DISTINCT user FROM $table_survey_answer WHERE survey_id= '".Database::escape_string($survey_data['survey_id'])."'";
}
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
while ($row = Database::fetch_array($res,'ASSOC'))
{
if ($all_user_info)
@ -1402,7 +1402,7 @@ class question
if($survey_data['survey_type']==1) {
$table_survey_question_group = Database::get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = 'SELECT id,name FROM '.$table_survey_question_group.' WHERE survey_id = '.(int)$_GET['survey_id'].' ORDER BY name';
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
while($row = Database::fetch_array($rs,NUM)) {
$glist .= '<option value="'.$row[0].'" >'.$row[1].'</option>';
@ -1530,7 +1530,7 @@ class question
if ($message == 'QuestionAdded' || $message == 'QuestionUpdated' ) {
$sql='SELECT COUNT(*) FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION).' WHERE survey_id = '.(int)$_GET['survey_id'];
$res = Database :: fetch_array (Database::query($sql, __FILE__, __LINE__));
$res = Database :: fetch_array (Database::query($sql));
if ($config['survey']['debug']) {
Display :: display_header();
@ -2350,7 +2350,7 @@ class SurveyUtil {
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$total = Database::num_rows($result);
$counter=1;
$error = false;
@ -2395,7 +2395,7 @@ class SurveyUtil {
WHERE user = '".Database::escape_string($user)."'
AND survey_id = '".Database::escape_string($survey_id)."'
AND question_id = '".Database::escape_string($question_id)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
/**
* This function stores an answer of a user on a question of a survey
@ -2437,7 +2437,7 @@ class SurveyUtil {
'".Database::escape_string($option_id)."',
'".Database::escape_string($option_value)."'
)";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
/**
* This function checks the parameters that are used in this page
@ -2583,10 +2583,10 @@ class SurveyUtil {
if (!empty($survey_id) && !empty($user_id)) {
// delete data from survey_answer by user_id and survey_id
$sql = "DELETE FROM $table_survey_answer WHERE survey_id = '".(int)$survey_id."' AND user = '".(int)$user_id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
// update field answered from survey_invitation by user_id and survey_id
$sql = "UPDATE $table_survey_invitation SET answered = '0' WHERE survey_code = (SELECT code FROM $table_survey WHERE survey_id = '".(int)$survey_id."') AND user = '".(int)$user_id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
if($result !== false) {
$message = get_lang('SurveyUserAnswersHaveBeenRemovedSuccessfully').'<br />
@ -2688,7 +2688,7 @@ class SurveyUtil {
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort, survey_question_option.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
if($row['type'] <> 'pagebreak')
@ -2705,7 +2705,7 @@ class SurveyUtil {
// getting all the answers of the user
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."' AND user = '".Database::escape_string($_GET['user'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC'))
{
$answers[$row['question_id']][] = $row['option_id'];
@ -2802,7 +2802,7 @@ class SurveyUtil {
// getting the question information
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND type<>'pagebreak' AND type<>'comment' ORDER BY sort ASC LIMIT ".$offset.",1";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$question = Database::fetch_array($result);
// navigate through the questions (next and previous)
@ -2843,7 +2843,7 @@ class SurveyUtil {
/** @todo also get the user who has answered this */
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
echo $row['option_id'].'<hr noshade="noshade" size="1" />';
@ -2857,7 +2857,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
$options[$row['question_option_id']] = $row;
@ -2867,7 +2867,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
$number_of_answers += $row['total'];
@ -2935,7 +2935,7 @@ class SurveyUtil {
}
$sql = "SELECT user FROM $table_survey_answer WHERE option_id = '".Database::escape_string($_GET['viewoption'])."' $sql_restriction";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
echo '<a href="reporting.php?action=userreport&survey_id='.Security::remove_XSS($_GET['survey_id']).'&user='.$row['user'].'">'.$row['user'].'</a><br />';
@ -2960,7 +2960,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
$options[$row['question_option_id']] = $row;
@ -2971,7 +2971,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
$number_of_answers += $row['total'];
@ -3092,7 +3092,7 @@ class SurveyUtil {
AND q.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY q.question_id
ORDER BY q.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
// we show the questions if
@ -3142,7 +3142,7 @@ class SurveyUtil {
ON sq.question_id = sqo.question_id
WHERE sq.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY sq.sort ASC, sqo.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
// we show the options if
@ -3168,7 +3168,7 @@ class SurveyUtil {
$old_user='';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
if ($old_user <> $row['user'] AND $old_user<>'')
@ -3215,7 +3215,7 @@ class SurveyUtil {
if(intval($user)!==0)
{
$sql = 'SELECT firstname, lastname FROM '.Database::get_main_table(TABLE_MAIN_USER).' WHERE user_id='.intval($user);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if($row = Database::fetch_array($rs))
{
$user_displayed = api_get_person_name($row['firstname'], $row['lastname']);
@ -3317,7 +3317,7 @@ class SurveyUtil {
." WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY questions.question_id "
." ORDER BY questions.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
// we show the questions if
@ -3364,7 +3364,7 @@ class SurveyUtil {
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC, survey_question_option.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$possible_answers = array();
$possible_answers_type = array();
while ($row = Database::fetch_array($result))
@ -3397,7 +3397,7 @@ class SurveyUtil {
$sql .= "ORDER BY user ASC";
$open_question_iterator = 1;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
if ($old_user <> $row['user'] AND $old_user <> '')
@ -3444,7 +3444,7 @@ class SurveyUtil {
if(intval($user)!==0)
{
$sql = 'SELECT firstname, lastname FROM '.Database::get_main_table(TABLE_MAIN_USER).' WHERE user_id='.intval($user);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if($row = Database::fetch_array($rs))
{
$user_displayed = api_get_person_name($row['firstname'], $row['lastname']);
@ -3558,7 +3558,7 @@ class SurveyUtil {
." WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY questions.question_id "
." ORDER BY questions.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
// we show the questions if
@ -3607,7 +3607,7 @@ class SurveyUtil {
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC, survey_question_option.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$possible_answers = array();
$possible_answers_type = array();
while ($row = Database::fetch_array($result))
@ -3643,7 +3643,7 @@ class SurveyUtil {
$open_question_iterator = 1;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
if ($old_user <> $row['user'] AND $old_user <> '')
@ -3701,7 +3701,7 @@ class SurveyUtil {
if(intval($user)!==0)
{
$sql = 'SELECT firstname, lastname FROM '.Database::get_main_table(TABLE_MAIN_USER).' WHERE user_id='.intval($user);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if($row = Database::fetch_array($rs))
{
$user_displayed = api_get_person_name($row['firstname'], $row['lastname']);
@ -4000,7 +4000,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($survey_id)."'
AND question_id='".Database::escape_string($question_id)."'
ORDER BY USER ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
if ($row['value'] == 0)
@ -4089,7 +4089,7 @@ class SurveyUtil {
FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
while ($row = Database::fetch_array($res))
{
$survey_invitation_data[] = $row;
@ -4113,7 +4113,7 @@ class SurveyUtil {
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT count(user) AS total FROM $table_survey_invitation WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res,'ASSOC');
return $row['total'];
}
@ -4139,7 +4139,7 @@ class SurveyUtil {
}
$sql = "UPDATE $table_survey SET mail_subject='".Database::escape_string($mail_subject)."', $mail_field = '".Database::escape_string($mailtext)."' WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
/**
@ -4200,7 +4200,7 @@ class SurveyUtil {
if (!array_key_exists($value,$survey_invitations)) {
$sql = "INSERT INTO $table_survey_invitation (user, survey_code, invitation_code, invitation_date) VALUES
('".Database::escape_string($value)."','".Database::escape_string($survey_data['code'])."','".Database::escape_string($invitation_code)."','".Database::escape_string(date('Y-m-d H:i:s'))."')";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
}
// send the email if checkboxed
@ -4255,7 +4255,7 @@ class SurveyUtil {
if (is_numeric($invitedUser)) {
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT firstname, lastname, email FROM $table_user WHERE user_id='".Database::escape_string($invitedUser)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
$recipient_email = $row['email'];
$recipient_name = api_get_person_name($row['firstname'], $row['lastname'], null, PERSON_NAME_EMAIL_ADDRESS);
@ -4299,13 +4299,13 @@ class SurveyUtil {
// counting the number of people that are invited
$sql = "SELECT count(user) as total FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
$total_invited = $row['total'];
// updating the field in the survey table
$sql = "UPDATE $table_survey SET invited = '".Database::escape_string($total_invited)."' WHERE code = '".Database::escape_string($survey_code)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
/**
@ -4342,7 +4342,7 @@ class SurveyUtil {
$defaults = array();
$defaults['course_users'] = array();
$defaults['additional_users'] = '';
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result))
{
if (is_numeric($row['user']))
@ -4378,7 +4378,7 @@ class SurveyUtil {
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT * FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$return = array();
while ($row = Database::fetch_array($result))
{
@ -4634,7 +4634,7 @@ class SurveyUtil {
$search_restriction = 'WHERE '.$search_restriction;
}
$sql = "SELECT count(survey_id) AS total_number_of_items FROM ".$table_survey.' '.$search_restriction;
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
}
@ -4648,7 +4648,7 @@ class SurveyUtil {
$search_restriction = 'WHERE '.$search_restriction;
}
$sql = "SELECT count(survey_id) AS total_number_of_items FROM ".$table_survey.' '.$search_restriction;
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
*/
@ -4715,7 +4715,7 @@ class SurveyUtil {
$sql .= " GROUP BY survey.survey_id";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$surveys = array();
$array = array();
while ($survey = Database::fetch_array($res)) {
@ -4792,7 +4792,7 @@ class SurveyUtil {
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$surveys = array ();
while ($survey = Database::fetch_array($res))
{
@ -4824,7 +4824,7 @@ class SurveyUtil {
$all_question_id=array();
$sql='SELECT question_id from '.$table_survey_question;
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while($row=Database::fetch_array($result,'ASSOC')) {
$all_question_id[]=$row;
@ -4833,7 +4833,7 @@ class SurveyUtil {
$count=0;
for ($i=0;$i<count($all_question_id);$i++) {
$sql='SELECT COUNT(*) as count FROM '.$table_survey_answer.' WHERE question_id='.Database::escape_string($all_question_id[$i]['question_id']).' AND user='.api_get_user_id();
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while($row=Database::fetch_array($result,'ASSOC')) {
if ($row['count'] == 0) {
$count++;
@ -4857,13 +4857,13 @@ class SurveyUtil {
AND survey.avail_from <= '".date('Y-m-d H:i:s')."'
AND survey.avail_till >= '".date('Y-m-d H:i:s')."'
";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$counter = 0;
while ($row = Database::fetch_array($result,'ASSOC')) {
// get the user into survey answer table (user or anonymus)
$sql = "SELECT user FROM $table_survey_answer
WHERE survey_id = (SELECT survey_id from $table_survey WHERE code ='".Database::escape_string($row['code'])."')";
$result_answer = Database::query($sql, __FILE__, __LINE__);
$result_answer = Database::query($sql);
$row_answer = Database::fetch_array($result_answer,'ASSOC');
echo '<tr>';
if ($row['answered'] == 0)
@ -5154,9 +5154,9 @@ class SurveyUtil {
$sql2='SELECT COUNT(*) as count FROM '.$table_survey.' s INNER JOIN '.$table_survey_question.' q ON s.survey_id=q.survey_id WHERE s.code="'.$survey_code.'" AND q.type NOT IN("pagebreak","comment")';
$sql3='SELECT COUNT(DISTINCT question_id) as count FROM '.$table_survey_answer.' WHERE survey_id=(SELECT survey_id FROM '.$table_survey.' WHERE code="'.$survey_code.'") AND user="'.$user_answer.'" ';
$result=Database::query($sql,__FILE__,__LINE__);
$result2=Database::query($sql2,__FILE__,__LINE__);
$result3=Database::query($sql3,__FILE__,__LINE__);
$result=Database::query($sql);
$result2=Database::query($sql2);
$result3=Database::query($sql3);
$row=Database::fetch_array($result,'ASSOC');
$row2=Database::fetch_array($result2,'ASSOC');

@ -177,7 +177,7 @@ echo ' </tr>';
// Displaying the table contents with all the questions
$question_counter = 1;
$sql = "SELECT * FROM $table_survey_question_group WHERE survey_id = '".Database::escape_string($survey_id)."' ORDER BY id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$groups = array();
while($row = Database::fetch_array($result)) {
$groups[$row['id']] = $row['name'];
@ -189,7 +189,7 @@ $sql = "SELECT survey_question.*, count(survey_question_option.question_option_i
WHERE survey_question.survey_id = '".Database::escape_string($survey_id)."'
GROUP BY survey_question.question_id
ORDER BY survey_question.sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$question_counter_max = Database::num_rows($result);
while ($row = Database::fetch_array($result,'ASSOC')) {
echo '<tr>';
@ -257,7 +257,7 @@ if($is_survey_type_1)
echo '<form action="survey.php?action=addgroup&survey_id='.$survey_id.'" method="post">';
if($_GET['action']=='editgroup') {
$sql = 'SELECT name,description FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' AND survey_id = '.Database::escape_string($survey_id).' limit 1';
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
$editedrow = Database::fetch_array($rs,'ASSOC');
echo '<input type="text" maxlength="20" name="name" value="'.$editedrow['name'].'" size="10" disabled>';
@ -280,7 +280,7 @@ if($is_survey_type_1)
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE survey_id = '.Database::escape_string($survey_id).' ORDER BY name';
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
while($row = Database::fetch_array($rs,ASSOC)){
$grouplist .= '<tr><td>'.$row['name'].'</td><td>'.$row['description'].'</td><td>'.
'<a href="survey.php?survey_id='.$survey_id.'&gid='.$row['id'].'&action=editgroup">'.
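Review bot: The `editgroup` lookup puts `Database::escape_string($_GET['gid'])` into the WHERE clause without surrounding quotes, and escaping only neutralises quote characters, so it does not constrain an unquoted numeric operand. Since `id` and `survey_id` look like integer keys, cast them instead: `WHERE id = '.intval($_GET['gid']).' AND survey_id = '.intval($survey_id).' limit 1'`. The group list query in the following hunk uses the same unquoted `escape_string($survey_id)` and wants the same cast. The fetched `name` is also echoed into a `value="…"` attribute as-is; `htmlspecialchars($editedrow['name'], ENT_QUOTES)` would keep a stored group name from breaking out of the attribute. Both statements appear to sit inside an `if($is_survey_type_1)` block that starts and ends outside the visible hunks.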

@ -141,7 +141,7 @@ echo ' </tr>';
$sql = "SELECT survey_invitation.*, user.firstname, user.lastname, user.email FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_code = '".Database::escape_string($survey_data['code'])."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
while ($row = Database::fetch_assoc($res))
{
if (!$_GET['view'] OR $_GET['view'] == 'invited' OR ($_GET['view'] == 'answered' AND in_array($row['user'], $answered_data)) OR ($_GET['view'] == 'unanswered' AND !in_array($row['user'], $answered_data)))

@ -94,7 +94,7 @@ Display::display_header($tool_name,'Survey');
// checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_data['code'])."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 1)
{
Display::display_warning_message(get_lang('IdenticalSurveycodeWarning'));
